FISMA: Difference between revisions
Jump to navigation
Jump to search
(Created page with "[https://www.dhs.gov/fisma Federal Information Security Modernization Act (FISMA)] Vocabulary * General Accountability Office (GAO) audit * Authorization to Operate (ATO) *...") |
No edit summary |
||
| Line 20: | Line 20: | ||
* Plan of Action and Milestones (POA&M) | * Plan of Action and Milestones (POA&M) | ||
* ATO Letter signed by Federal Authorizing Official (AO) | * ATO Letter signed by Federal Authorizing Official (AO) | ||
* AC/IA (accessible content/identify and access management) SOP | |||
Revision as of 11:54, 14 January 2019
Federal Information Security Modernization Act (FISMA)
Vocabulary
- General Accountability Office (GAO) audit
- Authorization to Operate (ATO)
- Risk Management Framework (RMF)
A complete FISMA package includes at least the following artifacts:
- FIPS-199 System Categorization
- E-Authentication Threshold or Risk Analysis (eTA/eRA)
- Business Impact Assessment (BIA) (may be documented in Contingency Plan)
- System Security Plan (SSP)
- Privacy Impact Assessment (PIA)
- Interconnection Agreements (e.g., ISA and/or MOUs), if applicable
- Configuration Management Plan (CMP)
- Contingency Plan (CP)
- Contingency Plan Exercise Report (if Moderate or High impact FIPS rated)
- Security Assessment Plan (SAP)
- Security Assessment Report
- Plan of Action and Milestones (POA&M)
- ATO Letter signed by Federal Authorizing Official (AO)
- AC/IA (accessible content/identify and access management) SOP