The Federal Information Security Management Act (FISMA) of 2002 places significant requirements on Federal agencies for the protection of information and information systems. In response to this important legislation, the National Institute of Standards and Technology (NIST) is leading the development of key information system security standards and guidelines as part of its FISMA Implementation Project. This high-priority project includes the development of security categorization standards, standards and guidelines for the specification, selection, and testing of security controls for information systems, and guidelines for the certification review and accreditation of information systems.
Related white papers
Complexity versus Security: How to Strike a Balance and Maintain Your Sanity
Instead of buying expensive individual products that add complexity to an organization's security architecture, many small to medium businesses are now able to take a holistic approach to their needs....
Reduce the Risk of Costly Data Breaches: Three Pillars of Data Protection
There are numerous regulations that govern the protection of private, personal and confidential data regardless of whether the data resides on a secure mainframe computer, desktop PC or mobile device...
Attacks and Countermeasures: A Study of Network Attack Classes and Security Components to Protect Against Them
There are many types of network attacks, and security solutions to address almost all of them. Most attack types fall into three major categories: attacks on integrity, attacks on confidentiality...
Network Segmentation
Traditional network security has been based on separating the enterprise internal network from all external connections and controlling what is allowed to enter. This plan cannot deliver effective security in...
Security of the WEP Algorithm
The 802.11 standard describes the communication that occurs in wireless local area networks (LANs). The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from eavesdropping. A secondary...
Computer Security Policy: An Introduction to Computer Security
Some organizations issue overall computer security manuals, regulations, handbooks, or similar documents. These may mix policy, guidelines, standards, and procedures, since they are closely linked. While manuals and regulations can...
Gain a clear understanding of your organization's security posture -- then act decisively to improve it
Threats to your organization's IT security occur daily and evolve constantly. In fact, virtually every organization has a "security gap" between its current protection level and the level where it...


