FISMA: Difference between revisions

From 太極
Revision as of 11:57, 14 January 2019

Federal Information Security Modernization Act (FISMA)

Vocabulary

  • General Accountability Office (GAO) audit
  • Authorization to Operate (ATO)
  • Risk Management Framework (RMF)

A complete FISMA package includes at least the following artifacts:

  • FIPS-199 System Categorization
  • E-Authentication Threshold or Risk Analysis (eTA/eRA)
  • Business Impact Assessment (BIA) (may be documented in Contingency Plan)
  • System Security Plan (SSP)
  • Privacy Impact Assessment (PIA)
  • Interconnection Agreements (e.g., ISA and/or MOUs), if applicable
  • Configuration Management Plan (CMP)
  • Contingency Plan (CP)
  • Contingency Plan Exercise Report (if Moderate or High impact FIPS rated)
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Plan of Action and Milestones (POA&M)
  • ATO Letter signed by Federal Authorizing Official (AO)
  • AC/IA (accessible content OR access control/identity and access management) SOP