The Federal Information Security Management Act

2787 Words12 Pages
VA Cyber Security Profile
Richard David Thomas Caroll
CSIA 412 7982
November 30, 2014

Through the Federal Information Security Management ACT (FISMA) it was made mandatory that organizations would have to develop standards that would be in compliance with federal regulations that were put into place. Because of this the Federal Information Processing Standards Publication (FIPS) 199 and FIPS 200 were put into place in order to establish a set of standards for organizations so that they could determine what their category would be for their systems (NIST, 2012). In order to enforce the security categories from FIPS-200, the NIST SP 800-53 would be utilized in order to set in place a security control
…show more content…
Within this security profile three controls and two family controls were selected to be enforced in order to explore the security awareness and the training being done that can be used as counter measures against any cyber security threats that may pose a problem to the network. The three controls that are being examined within management, technical, and operational families will be based on the needs of the VA and how best to implement them.
2. MANAGEMENT CONTROL. Management Controls are used to put procedures and policies into place that would allow an organization to be able to function in a secure manner from all of its levels, to include the ground floor to the top floor.
2.1 Selected Control – Security Assessment and Authorization
The security and authorization family controls are focused on the creation and maintenance of a security plan. Through this it would identify the individuals responsible for information systems and the development of plans and how to implement them by creating goals to help them in meeting their overall goal for their security program.
2.1.1 Family Control #1 Security Assessments
2.1.2 Implementation Status: Not Fully Enforced (Wilshusen, 2007)
NIST SP 800-53 Control: requires the VA to create and put into place a plan that will fully gauge a
Get Access