A Comparative Analysis of FISMA and NIST Security Standards

Added on 2022/12/20
AI Summary
This report delves into the relationship between the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) in the context of database security. It highlights how FISMA, a U.S. legislation, and NIST, a technology and innovation promoter, work together to secure personal information and manage risks. The report emphasizes that both FISMA and NIST implement risk management programs to protect sensitive data, ensuring integrity, availability, and confidentiality. It discusses their role in identifying risks associated with devices and networks, and their contribution to cybersecurity. The report also references relevant studies and sources to support the analysis, emphasizing the importance of these standards in mitigating security threats and protecting data in both government and corporate environments. The conclusion underlines the similarities between FISMA and NIST in controlling privacy risks and protecting data sets.
DATABASE SECURITY
NIST and FISMA
The relation between FISMA and NIST
The term FISMA is defined as the Federal Information Security Management Act, which is United States legislation that defines a comprehensive outline for protecting personal information. It is mainly used in government communities and business industries to secure their operations and to block unauthorized access to their systems. The term NIST is defined as the National Institute of Standards and Technology, which is a physical sciences laboratory that promotes innovation and technology. Gandhi, Crosby, Siy, & Mandal (2014) identified that “FISMA requires government agencies to implement an information security plan, while NIST does not require this of any government agency, but the major aim of both agencies is to improve the security of information”. However, the major relation between FISMA and NIST is that both standards design and implement a risk management program for protecting the personal data of companies and government.
Kohnke, Sigler, & Shoemaker (2016) reported that “protecting information systems from unauthorized networks is a major problem faced by companies and government”. To control and manage security-related issues, both the FISMA and NIST authorities implement various kinds of security programs and policies. Moreover, both communities have the capability to identify the risk factors linked with devices and networks (Compliance Point, 2018). Another relevant relation between the FISMA and NIST communities is that both ensure the integrity, availability and confidentiality of sensitive information. Moreover, both FISMA and NIST maintain and evaluate an inventory of personal information.
Maclean (2017) argued that “rapid enhancement in information technology increases the rate of security threats and risks that directly impact the personal information of government and companies”. It is observed that NIST produces and releases policies on best practices in various key areas of the hard sciences, including security plans and policies. Moreover, FISMA works like NIST in that it also creates security guidelines for controlling and managing cyber-attack problems linked with computer networks and devices (CSRC, 2018). Both FISMA and NIST focus on cybersecurity issues and identify the essential aspects of federal information security in government authorities. As FISMA states, it is very important for companies to reduce the use of unauthorized networks and services, and NIST similarly follows the guidelines provided by the FISMA act. The previous studies show that the major role of both authorities is to develop and produce information security programs and standards, and also to categorize the kinds of information-related issues and problems, in order to protect the data sets of companies and users. Therefore, all these key aspects and evidence show that NIST and FISMA are very similar in their capability to control and manage privacy issues and risks.
References
Compliance Point (2018). FISMA & NIST Standards. Retrieved from https://www.compliancepoint.com/fisma-and-nist-standards
CSRC (2018). Federal Information Security Modernization Act (FISMA) Implementation Project Overview. Retrieved from https://csrc.nist.gov/Projects/Risk-Management
Gandhi, R. A., Crosby, K., Siy, H. P., & Mandal, S. (2014). Gauging the Impact of FISMA on Software Security. IEEE Computer, 47(9), 103-107.
Kohnke, A., Sigler, K., & Shoemaker, D. (2016). Strategic Risk Management Using the NIST Risk Management Framework. EDPACS, 53(5), 1-6.
Maclean, D. (2017). The NIST Risk Management Framework: Problems and recommendations. Cyber Security: A Peer-Reviewed Journal, 1(3), 207-217.