Chapter 5

Applying the NIST Risk Management Framework

Information in this chapter:

• Introduction to FISMA

• Risk Management Framework Overview

• NIST RMF Process

Introduction to FISMA

The Federal Information Security Management Act (FISMA) was signed into law on December 17, 2002 as part of the E-Government Act of 2002 (Public Law 107-347). FISMA permanently reauthorized the framework laid out in the Government Information Security Reform Act (GISRA) of 2000,1 which expired in November 2002 [1]. FISMA is divided into multiple sections, each of which will be briefly described in this section.

Purpose

FISMA was built upon several existing federal laws designed to ensure the security of federal information and information systems. These federal ...
