CMMI Consultant Blog

CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)


What is FISMA?



15th November, 2013

The Federal Information Security Management Act (FISMA) is Title III of the E-Government Act of 2002, a United States federal law enacted in 2002. FISMA focuses on the development, documentation, and implementation of an information security program.

Federal Information Security Management Act of 2002

The Act was formulated to emphasize the importance of information security to the economic and national security interests of the United States. FISMA acts as a framework to protect government (federal) information, operations and assets against natural or man-made threats. It provides security for information and information systems, and it also covers services provided or managed by another agency, contractor, or other source.

FISMA specifies the need to conduct yearly information security reviews as part of the risk assessment, in order to manage risks in an efficient, cost-effective and proactive manner.

As per FISMA, an information security program should focus on the following points:

  • Periodic risk assessments
  • Policies and procedures based on the organizational interests and risk assessments
  • Subordinate plans for security of networks, facilities, information systems, or groups of information systems, as appropriate
  • Security awareness training for personnel (including contractors) on the organizational policies and procedures
  • Regular testing and evaluation of the information security policies, procedures, practices, and security controls
  • Continual improvement in information security policies, procedures, practices and security controls through planning, implementing, evaluating, and documenting remedial actions
  • Incident management
  • Ensuring continuity of operations for information systems that support the operations and assets of the organization.

FISMA Implementation

Implementing FISMA requires policies and procedures that fit the organizational structure, the roles and responsibilities, and the types of risks and threats faced by the organization. DQS India provides FISMA implementation guidance to organizations.

We have security experts with years of experience working with different security standards, technologies and domains. We can help develop policies and procedures from scratch and provide guidance for implementation, leading to the implementation assessments.



Published by CMMI Consultant


fisma, fisma act, Information Security





Author: Rajendra Khare

