Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs
Ronald S. Ross
The Federal Information Security Management Act of 2002 places significant requirements on federal agencies for the protection of information and information systems, including those systems comprising the critical infrastructure of the United States. The National Institute of Standards and Technology (NIST) is leading the development of key information security standards and guidelines as part of its FISMA Implementation Project. This high-priority project includes the development of security categorization standards (FIPS Publication 199), minimum security requirements standards (FIPS Publication 200), guidelines for the selection of minimum or baseline security controls for information systems (Special Publication 800-53), guidelines for assessing the effectiveness of security controls (Special Publication 800-53A), and guidelines for the security certification and accreditation of information systems (Special Publication 800-37). This paper covers some of the key provisions of the FISMA legislation, the publications developed by NIST in support of the legislation, and how the FISMA-related security standards and guidelines can be integrated into a comprehensive Risk Management Framework.
November 27-December 1, 2006
4th International Aviation Security Technology Symposium
Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs, 4th International Aviation Security Technology Symposium, Washington, DC, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50946 (Accessed June 6, 2023)