Each federal agency shall develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
Federal Information Security Management Act (FISMA), 2002
In this chapter:
System security authorization boundaries Federal security authorization process
So where and how do we start the authorization process in accordance with FISMA? Well, first we need to define the boundary of the information system. We define the boundary through drawing real network boundaries, logical ...