FISMA Compliance Handbook

This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook, 2e, explains what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws are cited and discussed, including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a compliance project. The following section of the book shows how to address security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the compliance project is complete, you will learn to perform security tests and evaluations, business impact assessments, system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally, you will learn to audit your entire compliance project and correct any failures. FISMA Compliance Handbook, 2e, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government's technical lead for FedRAMP, the government program used to assess and authorize cloud products and services. Includes all new information on cloud computing compliance from Laura Taylor, the federal government's technical lead for FedRAMP Includes coverage for both corporate and government IT managers Learn how to prepare for, perform, and document FISMA and FedRAMP compliance projects Laura Taylor's security research has been used by the FBI, FDIC, and the White House