Security Management Act (FISMA)

What mandates or regulations are driving certification and accreditation in your organization or industry? If you are associated with a government agency, discuss the role of certification and accreditation in relation to the Federal Information Security Management Act (FISMA) and the defining roles of the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB). If you are in the private sector, discuss which regulation your organization must comply with, and how the NIST guidelines might support your efforts.

Wk3 The systems inventory process is critical to the success of certification and accreditation. Businesses or government agencies can run a multitude of different systems. What is the best approach to find and locate all information systems, operating systems, and internal and external connections in a large-scale government information system, using automated versus manual methods? Identify any automated software you can locate to assist with system inventory and provide links or URLs to the software website for other students to evaluate.

Wk4 When talking about the use of contractors and the independence of the certifying agent, provide examples of why this is important, and conduct a search on any government regulations (NIST, GAO, IG, DOD), published journals, or textbooks that may provide more details on why independence or the use of contractors is required. Provide all references in your posting.

Wk5 In developing a certification test plan, what type of research must be conducted to ensure you cover all aspects of the testing plan? What type of collaboration must take place between the Chief Information Security Officer, System Owners, Management, and the Chief Information Officer? Provide examples from your experience where this teamwork was effective, and where lessons may have been learned when it wasn’t.

Wk6 Why is certification testing considered the “Crown Jewel” of the certification and accreditation process?

Wk7 Is the Federal Information Security Management Act (FISMA) an efficient process for protecting government systems and data? Why or why not? How could it be improved?

Wk8 Testing conducted on systems of high national security is performed to ensure that the system is protected to the degree required. What are some of the advantages and disadvantages of manual and automated testing? Is automated testing totally flawless? Should manual testing still be conducted on systems of high national security to eliminate the possibility of certifying a system based on false results?