FISMA Certification and Accreditation Handbook

Acknowledgments

Author

Contributing Author

Technical Editor

Foreword

Preface

Chapter 1: What Is Certification and Accreditation?

Chapter 2: Types of Certification and Accreditation

Chapter 3: Understanding the Certification and Accreditation Process

Chapter 4: Establishing a C&A Program

Chapter 5: Developing a Certification Package

Chapter 6: Preparing the Hardware and Software Inventory

Chapter 7: Determining the Certification Level

Chapter 8: Performing and Preparing the Self-Assessment

Chapter 9: Addressing Security Awareness and Training Requirements

Chapter 10: Addressing End-User Rules of Behavior

Chapter 11: Addressing Incident Response

Chapter 12: Performing the Security Tests and Evaluation

Chapter 13: Conducting a Privacy Impact Assessment

Chapter 14: Performing the Business Risk Assessment

Chapter 15: Preparing the Business Impact Assessment

Chapter 16: Developing the Contingency Plan

Chapter 17: Performing a System Risk Assessment

Chapter 18: Developing a Configuration Management Plan

Chapter 19: Preparing the System Security Plan

Chapter 20: Submitting the C&A Package

Chapter 21: Evaluating the Certification Package for Accreditation

Chapter 22: Addressing C&A Findings

Chapter 23: Improving Your Federal Computer Security Report Card Scores

Chapter 24: Resources

FISMA

OMB Circular A-130: Appendix III

FIPS 199

Index

Taylor, Laura P.
Laura Taylor leads the technical development of FedRAMP, the U.S. government's initiative to apply the Federal Information Security Management Act to cloud computing. In 2006, Taylor's FISMA Certification and Accreditation Handbook was the first book published on FISMA. Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry comply with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise wide information security programs, and has performed risk assessments and security audits for numerous financial institutions.