Best Answer

No - FISMA is not restricted to classified systems; it applies to ALL federal computer systems. FISMA is Title III of the E-Government Act of 2002 (Pub.L. 107-347).

44 U.S.C Chapter 35, Subchapter III, § 3541 (1) states that FISMA is supposed to:

provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;

FISMA does call for special efforts to be made to secure classified systems, but the mandate to create and use standards that will secure computer systems commensurate with the value of the data they contain applies to all federal computer systems, whether it be DoD, CIA, FBI, IRS, or Department of Commerce. The actual standards are contained in other documents. For example, the DoD requirements are contained in documents like DoDI 8500.2 and DCID 6/3, while the requirements for most non-DoD systems are contained in NIST publications like FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents are being developed, including NIST Special Publications 800-37, 800-39, and 800-53A.

Wiki User

13y ago
Q: Does the federal information security management act outlines the security requirements for classified systems only?
Related questions

The federal information security management act outlines the security requirements for classified systems only?

False.


Is it true the federal information security management act outlines the security requirements for classified systems only?

It is False, False and so False.


Is it true the federal information security management act fisma outlines the security requirements for classified systems only?

It is False, False and so False.


The Federal Information Security Management Act (FISMA) outlines the security requirements for classified systems only?

False. FISMA requires federal agencies to protect ALL their information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability. There are additional safeguards imposed on classified systems, but those requirements come from other regulations besides FISMA.


What is the Robbins text outlines 6 requirements for value chain management?

There are six requirements for Value Chain Management.

1. Coordination and Collaboration
2. Technology Investment
3. Organizational Process
4. Leadership
5. Employee/Human Resources
6. Organizational Culture and Attitudes

by JW04122008 (AIU)


What is the difference between ISO27001 and ISO27701?

ISO 27001 and ISO 27701 are two related but distinct international standards that deal with information security management and privacy respectively. ISO 27001 is a widely recognized standard that provides a framework for the establishment, implementation, maintenance, and continuous improvement of an information security management system (ISMS) in an organization. It outlines the requirements for identifying and assessing information security risks and implementing controls to manage those risks. The standard is designed to help organizations protect the confidentiality, integrity, and availability of their information assets, and to ensure compliance with relevant laws, regulations, and contractual obligations. On the other hand, ISO 27701 is an extension to ISO 27001, which specifies the requirements for a privacy information management system (PIMS). It outlines the guidelines and principles for the protection of Personally Identifiable Information (PII) in the context of the processing of personal data by an organization. It provides a framework for organizations to establish, implement, maintain, and continuously improve their PIMS and demonstrate compliance with privacy laws and regulations. In summary, while ISO 27001 focuses on information security management, ISO 27701 extends its scope to privacy management, with specific emphasis on personal data protection. Organizations that comply with both standards can establish an integrated management system that


What documents outlines the legal requirements that affect workplace performance?

Oh and s


What is a Project Scope?

The portions of the information system that need to be completely operational to satisfy the needs of the various customers, employees, and senior management.


What is Army regulation 380-53?

Army Regulation 380-53, titled "Information Security Program," provides guidance and instructions for the management and implementation of information security within the U.S. Army. It establishes policies, procedures, and responsibilities to protect Army information and information systems from unauthorized access, disclosure, and disruption. The regulation also outlines the requirements for conducting information security training, incident response, and reporting.


A security Classification Guide (SCG) is?

A Security Classification Guide (SCG) is a document that outlines the criteria for classifying and safeguarding classified information. It provides guidance on how to properly classify information based on its sensitivity and the level of protection required. SCGs help ensure consistency in the classification and protection of sensitive information across an organization.


Is 546 a 13. A primary source for identifying requirements for corrective action is?

No, 546 is not a primary source for identifying requirements for corrective action. A primary source for this purpose would typically be the organization's documented quality management system, which outlines processes for identifying, documenting, and addressing non-conformities or issues that need corrective action.


What ITU-T recommendation outlines the requirements for layer 1 ISDN primary rate interface?

I.431