0
1.0kviews
FISMA - Key IT Requirements
1 Answer
0
105views
  • Assess Existing State (create a baseline)
  • Create a Risk Assessment Summary, and categorize systems as low, moderate, or high impact relative to security.
  • Classify assets per FIPS 199 (Low, Moderate, High)
  • Secure systems per the appropriate NIST standard by system type (email, DNS, Wireless, etc...)
  • Review Internally, and Independently (annually) for compliance.
  • Implement policies and procedures to reduce risk to an acceptable level.
  • Periodically review and test procedures to ensure effectiveness.
  • Designate a security information officer with primary duties as security.
  • Implement a security awareness training program for staff and contractors.
Please log in to add an answer.