Eileen Dewey Rose State College

1
FISMA, GISRA, NIST 800-26 and FIPS 199

• Eileen DeweyRose State College

2
FISMA

• Federal Information Security Management Act
• US federal law enacted 2002
• Bolster computer and network security within
  federal governments and affiliated parted by
  mandating yearly audits
• Does not address technical specs, but senior
  management responsibilities

3
GISRA

• Government Information Security Reform Act
• Passed by congress to ensure proper management
  and security for the information resources
  supporting federal operations and assets
• GISRA is now FISMA
• All IT systems and IT security programs must be
  periodically self-assessed using guidance in NIST
  Special Publication 800-26

4
NIST 800-26

• Assure that systems and applications operate
  effectively and provide appropriate
  confidentiality, integrity and availability
• Protect information commensurate with the level
  of risk and magnitude of harm resulting from
  loss, misuse, unauthorized access, or
  modification
• NIST 800-26 provides guidance on utilizing the
  results of the information security program and
  system assessments to ascertain the status of the
  agency-0wide information security program

5
FIPS 199

• Developed standards for categorizing information
  and information systems.
• Promotes
• Effective management and oversight of information
  security programs
• Coordination of information security efforts,
  throughout the civilian, national security,
  emergency preparedness, homeland security, and
  law enforcement communities
• Consistent reporting to the Office of Management
  and Budget (OMB) and Congress on the adequacy and
  effectiveness of information security policies
  procedures and practices

6
Government wide Grade 2006 C-