The Relationship Between NIST and FISMA

Added on 2022/12/20


THE Relationship between nist and fisma 1
The Relationship Between NIST and FISMA
[Author Name(s), First M. Last, Omit Titles and Degrees]
[Institutional Affiliation(s)]
Author Note
[Include any grant/funding information and a complete correspondence address.]

The Relationship Between NIST and FISMA
Information security is a crucial matter for every organization, whether private or government-owned. In the current world there exist many threats to information and information systems, hence the need to protect organizational data at rest, during processing, and in transit. “It is, therefore, the role of every organization to ensure the confidentiality, integrity, and availability of any information at their disposal” (Whitman & Mattord, 2015).
The US government has enacted several laws that protect the privacy of personal non-public data held by various organizations, ensuring that these data are not accessed by unauthorized individuals who could use them for malicious acts resulting in damage. The Gramm-Leach-Bliley Act (GLBA), also referred to as the Financial Modernization Act, was passed in 1999. GLBA created the Safeguards Rule, which requires financial institutions to clearly outline how they intend to protect and share their clients’ private information. The Safeguards Rule paved the way for the formation of the Federal Information Systems Act (FISMA). “FISMA was signed into law as part of the Government Electronic Act of 2002” (Howard, 2016).
FISMA is legislation passed to ensure the protection of the information and information systems of the US federal government. To achieve this objective, FISMA sets out a well-structured framework for ensuring that all government information assets are guarded against man-made and natural threats that could violate their confidentiality, integrity, and availability, and all federal states are obliged to comply with these regulations. In order to achieve its mandate, “FISMA gave National Institute of Science and Technology (NIST) a duty to develop guidelines and publications for implementing information security by federal agencies” (Shankar, 2016).
NIST is a US organization charged with developing industry standards to promote innovation and technology. In line with information security, NIST therefore has the duty to develop guidelines for complying with FISMA requirements. In discharging these duties, NIST has organized its standards into three categories: Federal Information Processing Standards (FIPS); Guidance Documents and Recommendations; and Other Security-Related Publications. Through its Special Publication (SP) 800 series, NIST has produced several documents and recommendations for implementing and monitoring security controls at federal agencies. NIST SP 800-37 provides guidelines for certifying and accrediting federal government information systems; it sets the minimum requirements such systems must meet in order to be regarded as secure. This publication is used as the risk management framework for FISMA. NIST SP 800-53, on the other hand, outlines the security controls recommended for federal information systems, and further controls and recommendations are published in NIST SP 800-137 (Shankar, 2016).
To ensure FISMA compliance, NIST has outlined an elaborate nine-step process for implementing secure and cost-effective information security controls. The process documents how to identify your assets, select a suitable control, review it, implement the selected control, monitor it continuously, and apply adjustments where necessary (Miller, 2011). The diagram below shows the NIST framework for FISMA compliance.
Figure 1. NIST risk management framework for FISMA
In conclusion, NIST has developed various guidelines and standards that, if adhered to, ensure compliance with FISMA requirements and deliver a secure information system. “NIST guidelines are not only used in the US but have also been widely accepted as a reliable information security framework world over” (Scofield, 2016).

References
Howard, P. D. (2016). FISMA Principles and Best Practices: Beyond Compliance. https://doi.org/10.1201/b10782
Miller, A. (2011, August 11). Implementing Information Safeguards Under Gramm-Leach-Bliley. Retrieved June 14, 2019, from https://www.bankinfosecurity.com/implementing-information-safeguards-under-gramm-leach-bliley-a-160
Scofield, M. (2016). Benefiting from the NIST Cybersecurity Framework. Information Management; Overland Park, 50(2), 25-28, 47.
Shankar, A. (2016). Building a NIST Risk Management Framework for HIPAA and FISMA Compliance. Retrieved from https://scholarworks.iu.edu/dspace/handle/2022/21326
Whitman, M. E., & Mattord, H. J. (2015, January 1). Principles of Information Security, 5th Edition. Retrieved June 17, 2019, from ResearchGate website: https://www.researchgate.net/publication/311574857_Principles_of_Information_Security_5th_Edition