Submitted By dougray28
Words 894
Pages 4
All federal agencies are required to comply with FISMA guidelines for IT system security. Failing an inspection can result in unfavorable publicity, increased oversight of your agency, computer breaches, and even a reduction in your IT budget. In this white paper, we’ll look at:

• What FISMA is and why it was created

• Key steps in achieving FISMA compliance

• Tools that can help you meet FISMA requirements

FISMA provides a set of specific guidelines for federal agencies on how to plan for, budget, implement, and maintain secure systems. These new, stricter security guidelines replaced an expired set of rules under the Government Information Security Reform Act. To achieve FISMA compliance, your agency must:

• Plan for security

• Ensure that appropriate officials are assigned security responsibility

• Periodically review IT security controls

• Authorize system processing prior to operations and periodically thereafter.

Integrity means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; confidentiality means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and availability means ensuring timely and reliable access to and use of information. The term national security system means any information system (including any telecommunications system) used or operated by an agency, by a contractor of an agency, or by another organization on behalf of an agency, the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or …
