Analysis of the Relationship Between NIST and FISMA Compliance

Added on  2022/12/20

AI Summary
This report examines the critical relationship between the National Institute of Standards and Technology (NIST) and the Federal Information Security Management Act (FISMA) in the context of information security. It underscores the importance of protecting organizational data, highlighting the need for confidentiality, integrity, and availability. The report discusses FISMA's role in safeguarding U.S. federal government information systems and the delegation of guideline development to NIST. NIST's standards, categorized into FIPS, Guidance Documents, and Security-Related Publications, are detailed, with a focus on the SP 800 series, including SP 800-37 and SP 800-53. The report further outlines NIST's nine-step process for ensuring FISMA compliance and concludes with the global acceptance of NIST guidelines as a reliable information security framework. The report references several sources including the work of Whitman & Mattord, Howard, Miller, Shankar, and Scofield to support its claims.
THE Relationship between nist and fisma 1
The Relationship Between NIST and FISMA
[Author Name(s), First M. Last, Omit Titles and Degrees]
[Institutional Affiliation(s)]
Author Note
[Include any grant/funding information and a complete correspondence address.]
The Relationship Between NIST and FISMA
Information security is a crucial matter for every organization, whether private or government-owned. In the current world there exist many threats to information and information systems, hence the need to protect organizational data at rest, during processing, and in transit. “It is, therefore, the role of every organization to ensure the confidentiality, integrity, and availability of any information at their disposal” (Whitman & Mattord, 2015).
The US government has enacted several laws that ensure the protection of the privacy of personal non-public data held by various organizations; this ensures that these data are not accessed by unauthorized individuals who could use them for malicious acts that result in damage. The Gramm-Leach-Bliley Act (GLBA), also referred to as the Financial Modernization Act, was passed in 1999. GLBA created the Safeguards Rule, which requires financial institutions to clearly outline how they intend to protect and share their clients’ private information. The Safeguards Rule paved the way for the formation of the Federal Information Systems Act (FISMA). “FISMA was signed into law as part of the Government Electronic Act of 2002” (Howard, 2016).
FISMA is legislation that was passed to ensure the protection of the information and information systems of the US federal government. To achieve this objective, FISMA lays out a well-structured framework for ensuring that all government information assets are guarded against man-made and natural threats that could violate their confidentiality, integrity, and availability; all federal agencies are obliged to comply with these regulations. To carry out its mandate, “FISMA gave National Institute of Science and Technology (NIST) a duty to develop guidelines and publications for implementing information security by federal agencies” (Shankar, 2016).
NIST is a US organization charged with developing industry standards to promote innovation and technology. In line with information security, therefore, NIST has the duty to develop guidelines for complying with FISMA requirements. In discharging these duties, NIST has organized its standards into three categories: Federal Information Processing Standards (FIPS); Guidance Documents and Recommendations; and Other Security-Related Publications. Through its Special Publication (SP) 800 series, NIST has produced several documents and recommendations for implementing and monitoring security controls at federal agencies. NIST SP 800-37 provides guidelines for certifying and accrediting federal government information systems; it sets the minimum requirements such systems must meet in order to be regarded as secure, and it is used as the Risk Management Framework for FISMA. NIST SP 800-53, on the other hand, outlines the security controls recommended for federal information systems; further controls and recommendations are published in NIST SP 800-137 (Shankar, 2016).
To ensure FISMA compliance, NIST has outlined an elaborate nine-step process for implementing secure and cost-effective information security controls. The process documents how to identify your assets, select a suitable control, review it, implement the selected control, monitor it continuously, and apply adjustments where possible (Miller, 2011). The diagram below shows the NIST framework for FISMA compliance.
Figure 1 NIST risk management framework for FISMA
In conclusion, NIST has developed various guidelines and standards that, if adhered to, ensure compliance with FISMA requirements and deliver a secure information system. “NIST guidelines are not only used in the US but have also been widely accepted as a reliable information security framework world over” (Scofield, 2016).
References
Howard, P. D. (2016). FISMA Principles and Best Practices: Beyond Compliance. https://doi.org/10.1201/b10782
Miller, A. (2011, August 11). Implementing Information Safeguards Under Gramm-Leach-Bliley. Retrieved June 14, 2019, from https://www.bankinfosecurity.com/implementing-information-safeguards-under-gramm-leach-bliley-a-160
Scofield, M. (2016). Benefiting from the NIST Cybersecurity Framework. Information Management; Overland Park, 50(2), 25-28, 47.
Shankar, A. (2016). Building a NIST Risk Management Framework for HIPPA and FISMA Compliance. Retrieved from https://scholarworks.iu.edu/dspace/handle/2022/21326
Whitman, M. E., & Mattord, H. J. (2015, January 1). Principles of Information Security, 5th Edition. Retrieved June 17, 2019, from ResearchGate website: https://www.researchgate.net/publication/311574857_Principles_of_Information_Security_5th_Edition