Chapter 18

Getting Ready for Security Testing

Abstract

FISMA requires that all system security controls undergo testing. Testing of the security controls should be planned in advance and should be performed by an independent third-party assessor. All components of the system that will be tested should be described in the Security Assessment Plan. A Security Assessment Plan should include a Rules of Engagement (RoE). The RoE is a document that describes the proper notifications and disclosures between the owner of the tested system and the independent assessor.

Keywords

SP 800-53A; Security testing; Independent assessor; Third party; Rules of Engagement; RoE; Limitation of Liability; Testing; ST&E; Security Testing and Evaluation

Distrust and caution are the ...