FISMA

From 太極

Revision as of 09:18, 16 June 2022 by Brb (talk | contribs) (→‎Web security)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Federal Information Security Modernization Act (FISMA)

Vocabulary

General Accountability Office (GAO) audit
Authorization to Operate (ATO)
Risk Management Framework (RMF)

A complete FISMA package includes at least the following artifacts:

FIPS-199 System Categorization
E-Authentication Threshold or Risk Analysis (eTA/eRA)
Business Impact Assessment (BIA) (may be documented in Contingency Plan)
System Security Plan (SSP)
Privacy Impact Assessment (PIA)
Interconnection Agreements (e.g., ISA and/or MOUs), if applicable
Configuration Management Plan (CMP)
Contingency Plan (CP)
Contingency Plan Exercise Report (if Moderate or High impact FIPS rated)
Security Assessment Plan (SAP)
Security Assessment Report
Plan of Action and Milestones (POA&M)
ATO Letter signed by Federal Authorizing Official (AO)
AC/IA (access control/identify authentication) SOP

Web security

Invicti security scan. Netsparker

NIST-NVD

National Vulnerability Database https://nvd.nist.gov/vuln, Full Listing

Apache, nginx, ssl versions

determine the OpenSSL version
```
openssl version
```

How To Check the Version of Apache? (In 3 Ways)

httpd -v 
# or 
/usr/local/apache/bin/httpd -v

Use helper.sh to Look Up Version Info

/opt/nginx-controller/helper.sh version 
# OR
nginx -v
# OR
/opt/nginx/sbin/nginx -v

Docker

FIPS Certified Containerization: The Rise of the Enterprise Container Platform

Retrieved from "https://wiki.taichimd.us/index.php?title=FISMA&oldid=33201"