Application Security's Role in FISMA Compliance


Source: Fortify
Date: December 2009
Type: White Paper

Overview: The Federal Information Security Management Act of 2002 provides a comprehensive framework for ensuring effective information security controls for all federal information and assets. The Act aims to bolster computer and network security within the Federal Government by mandating periodic audits. Based on this framework, FISMA mandates that all government agencies report their overall security posture to the Office of Management and Budget, which in turn reports to Congress annually.

In addition, the National Institute of Standards and Technology (NIST) is chartered with developing and issuing standards and guidelines that federal agencies must follow to implement and manage cost-effective FISMA programs. It has created a risk-based framework that federal agencies can use to assess, select, monitor and document security controls for their information systems.

Still, organizations tasked with complying with FISMA face many challenges. As some agencies have learned, putting NIST’s 800-Series guidelines into effect requires more than simple security scans or adherence to a schedule of periodic audit and reporting cycles. Successfully meeting its requirements calls for fundamental cross-organizational changes and often new intra-agency procedures that are challenging to effect.

Compliance regulations such as these have been developed to help government agencies ensure that the software that runs their agencies is protected. This CISO’s Guide to FISMA provides a checklist to help government CISOs understand what steps need to be taken to protect their agency’s confidential data and information.
