FISMA Certification and Accreditation Handbook

著者名：Taylor, L./Taylor, Laura P.

Syngress（2006/12/18発売）

• 言語：ENG
• ISBN：9781597491167
• eISBN：9780080506531

Description

The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements.This book will explain what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the C&A project is complete, the reader will learn to perform the security tests and evaluations, business impact assessments system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally the reader will learn to audit their entire C&A project and correct any failures.* Focuses on federally mandated certification and accreditation requirements* Author Laura Taylor's research on Certification and Accreditation has been used by the FDIC, the FBI, and the Whitehouse* Full of vital information on compliance for both corporate and government IT Managers

Table of Contents

AcknowledgmentsAuthorContributing AuthorTechnical EditorForewordPrefaceChapter 1: What Is Certification and Accreditation?Chapter 2: Types of Certification and AccreditationChapter 3: Understanding the Certification and Accreditation ProcessChapter 4: Establishing a C&A ProgramChapter 5: Developing a Certification PackageChapter 6: Preparing the Hardware and Software InventoryChapter 7: Determining the Certification LevelChapter 8: Performing and Preparing the Self-AssessmentChapter 9: Addressing Security Awareness and Training RequirementsChapter 10: Addressing End-User Rules of BehaviorChapter 11: Addressing Incident ResponseChapter 12: Performing the Security Tests and EvaluationChapter 13: Conducting a Privacy Impact AssessmentChapter 14: Performing the Business Risk AssessmentChapter 15: Preparing the Business Impact AssessmentChapter 16: Developing the Contingency PlanChapter 17: Performing a System Risk AssessmentChapter 18: Developing a Configuration Management PlanChapter 19: Preparing the System Security PlanChapter 20: Submitting the C&A PackageChapter 21: Evaluating the Certification Package for AccreditationChapter 22: Addressing C&A FindingsChapter 23: Improving Your Federal Computer Security Report Card ScoresChapter 24: ResourcesFISMAOMB Circular A-130: Appendix IIIFIPS 199Index