| Description |
1 online resource (xv, 298 pages) |
| Bibliography |
Includes bibliographical references (page 289) and index. |
| Summary |
The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a systems operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will enforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader's own organization. |
| Contents |
Laws, Regulations, and Guidance -- Integrated Organization-Wide Risk Management -- The Joint Task Force Transformation Initiative -- System Development Life Cycle (SDLC) -- Transitioning from the C & A Process to RMF -- Key Positions and Roles -- Lab Organization -- RMF Phase 1 : Categorize the information System -- RMF Phase 2 : Selecting Security Controls -- RMF Phase 3 : Implementing Security Controls -- RMF Phase 4 : Assess Security Controls -- RMF Phase 5 : Authorizing the Information System -- RMF Phase 6 : Monitoring Security Controls -- The Expansion of the RMF. |
| Subject |
Computer security -- Government policy -- United States.
|
|
Information technology -- Security measures -- United States.
|
|
Electronic government information -- Security measures -- United States.
|
|
Risk management -- Government policy -- United States.
|
|
Information technology -- United States -- Management.
|
|
Sécurité informatique -- Politique gouvernementale -- États-Unis. |
|
Technologie de l'information -- États-Unis -- Sécurité -- Mesures. |
|
Gestion du risque -- Politique gouvernementale -- États-Unis. |
|
Technologie de l'information -- États-Unis -- Gestion. |
|
Computer security -- Government policy |
|
Information technology -- Management |
|
Information technology -- Security measures |
|
Risk management -- Government policy |
|
United States |
| Other Form: |
Print version: 9781299730427 |
| ISBN |
1299730426 (ebk) |
|
9781299730427 (ebk) |
|
9780124047235 |
|
0124047238 |
|
More Resources