Computer Information System

Added on 2021-05-31
Running Head: COMPUTER INFORMATION SYSTEM
Computer Information System
Name of the Student:
Institution Affiliations:

FISMA compliance as required in the Modernization Act of 2014

FISMA compliance is achieved by following a project-oriented process that tracks the system development life cycle. NIST (SP 800-64) describes this life cycle in five phases: initiation, development and acquisition, implementation, operation and maintenance, and disposal. The original document summarises the life cycle in a diagram at this point, which is not reproduced in this preview.

The number of controls/sub-controls in the compliance requirement

FISMA is the central regulatory requirement behind federal information security standards and guidelines. It was enacted to reduce the risk to which federal information is exposed and to reduce the cost incurred on information security. To achieve these objectives, FISMA established security standards and guidelines that all federal agencies must meet. FISMA also reaches private-sector contractors and service providers that operate systems or handle information on behalf of a federal agency (Gantz & Philpott, 2013). The National Institute of Standards and Technology (NIST) plays an essential role in implementing FISMA through its FISMA Implementation Project, launched in January 2003, which produced the fundamental security standards and guidelines that FISMA requires (Johnson, 2015). These publications include FIPS 199 (security categorization), FIPS 200 (minimum security requirements) and the NIST SP 800 series. NIST SP 800-53 provides a detailed catalog of the security controls from which FISMA compliance is built (Gantz & Philpott, 2013). An agency is not expected to implement every control in the catalog: it starts from the baseline that matches the system's FIPS 199 impact level (low, moderate or high) and tailors it to satisfy the system's security requirements (Kott & Linkov, 2018). The selected controls, and how each one is implemented, must then be documented in the system security plan (SSP).

NIST SP 800-53 distinguishes three ways a control can be implemented: system-specific, hybrid and common. A system-specific control is implemented by and for a single information system or application. A hybrid control has one part provided as a common control and another part implemented specifically for the system. A common control is provided once by the organization (for example, physical access control for a data center) and inherited by many systems.

Risk Management Framework

Another framework that complements and facilitates meeting the compliance requirements is the Risk Management Framework (RMF). The specification and selection of security controls is carried out as part of an organization-wide activity that NIST describes as the management of organizational risk (Bourne, 2014). Managing organizational risk is essential because it is what drives the selection of the most appropriate security controls for a system.
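The control selection described above, worked through in code as an added example (it is not part of the essay or of any cited work): the FIPS 199 high-water mark gives the system's impact level, the matching SP 800-53 baseline is selected, and each selected control is recorded in the SSP as common, hybrid or system-specific. The mini-catalog and its baseline membership are constructed for illustration, not copied from SP 800-53B, and the rule that a system may inherit a common control only from a provider authorized at or above the system's own impact level is an assumption of this example.

```python
"""Added example, not from the essay: FIPS 199 categorization, SP 800-53
baseline selection, and SSP implementation types (common / hybrid /
system-specific). Catalog contents are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional

IMPACT_LEVELS = ("LOW", "MODERATE", "HIGH")


def high_water_mark(confidentiality: str, integrity: str, availability: str) -> str:
    """FIPS 199: the overall impact level of a system is the highest level
    assigned to any of the three security objectives."""
    levels = tuple(x.upper() for x in (confidentiality, integrity, availability))
    for lvl in levels:
        if lvl not in IMPACT_LEVELS:
            raise ValueError(f"unknown impact level: {lvl}")
    return max(levels, key=IMPACT_LEVELS.index)


@dataclass(frozen=True)
class Control:
    ident: str            # control identifier, e.g. "AC-2"
    title: str
    baselines: frozenset  # baselines (LOW/MODERATE/HIGH) that include the control


# Constructed mini-catalog (illustrative baseline membership; see SP 800-53B
# for the authoritative baselines).
CATALOG: List[Control] = [
    Control("AC-2", "Account Management", frozenset({"LOW", "MODERATE", "HIGH"})),
    Control("AC-6", "Least Privilege", frozenset({"MODERATE", "HIGH"})),
    Control("AU-2", "Event Logging", frozenset({"LOW", "MODERATE", "HIGH"})),
    Control("PE-3", "Physical Access Control", frozenset({"LOW", "MODERATE", "HIGH"})),
    Control("SC-28", "Protection of Information at Rest", frozenset({"MODERATE", "HIGH"})),
    Control("CA-8", "Penetration Testing", frozenset({"HIGH"})),
]


def select_baseline(catalog: List[Control], impact: str) -> List[Control]:
    """RMF 'Select' step: start from the baseline matching the impact level."""
    return [c for c in catalog if impact in c.baselines]


@dataclass(frozen=True)
class CommonControlProvider:
    """Organizational provider (facilities team, hosting platform, central IdP)
    whose controls other systems may inherit. authorized_impact is the highest
    impact level at which the provider's controls were authorized (assumption)."""
    name: str
    controls: frozenset
    authorized_impact: str


@dataclass
class SspEntry:
    control: str
    implementation: str           # "common", "hybrid" or "system-specific"
    provider: Optional[str] = None  # who provides the inherited part, if any
    note: str = ""                # what the system itself implements / why


def classify(control: Control, impact: str, providers: List[CommonControlProvider],
             system_parts: Dict[str, str]) -> SspEntry:
    """Decide how one selected control is implemented for this system."""
    for p in providers:
        if control.ident not in p.controls:
            continue
        if IMPACT_LEVELS.index(p.authorized_impact) < IMPACT_LEVELS.index(impact):
            # Provider not authorized high enough for this system: no inheritance.
            return SspEntry(control.ident, "system-specific",
                            note=f"{p.name} is authorized only at {p.authorized_impact}")
        if control.ident in system_parts:
            # Part inherited, part implemented locally: hybrid.
            return SspEntry(control.ident, "hybrid", p.name, system_parts[control.ident])
        return SspEntry(control.ident, "common", p.name)
    return SspEntry(control.ident, "system-specific",
                    note=system_parts.get(control.ident, "implemented by the system"))


def build_ssp(selected: List[Control], impact: str,
              providers: List[CommonControlProvider],
              system_parts: Dict[str, str]) -> Dict[str, SspEntry]:
    """Record every selected control in the SSP with its implementation type."""
    return {c.ident: classify(c, impact, providers, system_parts) for c in selected}


def undocumented(selected: List[Control], ssp: Dict[str, SspEntry]) -> List[str]:
    """Compliance check: every selected control must appear in the SSP."""
    return [c.ident for c in selected if c.ident not in ssp]


if __name__ == "__main__":
    impact = high_water_mark("low", "moderate", "low")
    selected = select_baseline(CATALOG, impact)
    providers = [
        CommonControlProvider("Facilities", frozenset({"PE-3"}), "HIGH"),
        CommonControlProvider("Enterprise IdP", frozenset({"AC-2"}), "MODERATE"),
        CommonControlProvider("Central SIEM", frozenset({"AU-2"}), "LOW"),
    ]
    system_parts = {"AC-2": "application roles and local service accounts"}
    for entry in build_ssp(selected, impact, providers, system_parts).values():
        print(entry)
```

Note that AU-2 is not inherited in the demo even though a central SIEM offers it: the provider is authorized only at LOW, so a MODERATE system must implement and document the control itself. CA-8 never appears because it is outside the MODERATE baseline in this catalog.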

End of preview