FISMA
The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a "risk-based policy for cost-effective security." FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program an ...
Federal Information Security Modernization Act Of 2014
The Federal Information Security Modernization Act of 2014 (Pub.L. 113-283, S. 2521; commonly referred to as FISMA Reform) was signed into federal law by President Barack Obama on December 18, 2014. Passed in response to the increasing number of cyber attacks on the federal government, it amended existing law so that the federal government could better respond to cyber attacks on departments and agencies. An earlier version of the legislation was proposed by House Oversight and Government Reform Chairman Darrell Issa and co-sponsored by the Committee's Ranking Member Elijah Cummings as H.R. 1163, the Federal Information Security Amendments Act of 2013; that bill passed the U.S. House of Representatives on a vote of 416–0. The final version of the legislation was introduced to the United States Senate Committee on Homeland Security and Governmental Affairs by Thomas Carper (D-DE) on June 24, 2014, and passed the Senate on December 8, 2014 and the House on December 10, 2014 ...
NIST Special Publication 800-53
NIST Special Publication 800-53 is an information security standard that provides a catalog of security and privacy controls for information systems. Originally intended for U.S. federal agencies other than those operating national security systems, since the 5th revision it has been written as a standard for general use. It is published by the National Institute of Standards and Technology, a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA) and in managing cost-effective programs to protect their information and information systems (Ross et al., p. 4). Two related documents are SP 800-53A, which gives procedures for assessing whether the controls are implemented and effective, and SP 800-53B, which defines the low, moderate, and high control baselines drawn from the 800-53 catalog. Purpose: NIST Special Publication 800-53 is part of the Special Publication 800-series that reports on the Information Technology Laboratory ...
Security Content Automation Protocol
The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including, for example, FISMA (Federal Information Security Management Act of 2002) compliance. The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP. An example of an implementation of SCAP is OpenSCAP. SCAP is a suite of specifications, not a single tool, that standardize how security products express and exchange information about configuration settings, compliance requirements, software flaws, and vulnerability patching. Together these standards provide a means for such data to be communicated between humans and machines efficiently. The objective of the framework is to promote a communal approach to the implementation of automated security mechanisms that is not tied to any single vendor. Purpose: To guard again ...
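What "automated compliance evaluation" looks like in practice is a scanner evaluating a checklist and writing the verdict for each rule back in a standard format. SCAP checklists are written in XCCDF, and scanners such as OpenSCAP record their findings as XCCDF rule-result elements inside a TestResult. The following is an added example, not OpenSCAP or NIST code, that parses such a results document and rolls it up the way a FISMA compliance report would: it counts verdicts, computes a pass rate over the rules that were actually checked, and lists open findings by severity. The results document is constructed for this example; its benchmark, profile and rule identifiers are invented and match no published SCAP content.

```python
"""Summarize an XCCDF TestResult produced by a SCAP scanner.

Added example; not OpenSCAP or NIST code. The results document below is
constructed: benchmark, profile and rule identifiers are invented.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed results document (not real scanner output). Only the
# namespace is real: it is the XCCDF 1.2 namespace scanners emit.
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <TestResult id="xccdf_org.example_testresult_demo" start-time="2024-01-01T00:00:00">
    <profile idref="xccdf_org.example_profile_baseline"/>
    <target>host.example.internal</target>
    <rule-result idref="xccdf_org.example_rule_sshd_root_login" severity="high" weight="1.0">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_password_max_age" severity="medium" weight="1.0">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_audit_rules_loaded" severity="medium" weight="1.0">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_firewalld_enabled" severity="low" weight="1.0">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_wireless_disabled" severity="low" weight="1.0">
      <result>notapplicable</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_manual_review" severity="medium" weight="1.0">
      <result>notchecked</result>
    </rule-result>
    <score system="urn:xccdf:scoring:default" maximum="100.000000">50.000000</score>
  </TestResult>
</Benchmark>
"""

# Verdicts that count toward the tally. notapplicable / notchecked /
# notselected are excluded so they cannot inflate the compliance figure.
SCORED = {"pass", "fail", "error", "unknown"}
OPEN = {"fail", "error"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3, "unknown": 4}


def parse_xccdf_results(xml_text):
    """Return {"target", "score", "rules": [{rule, severity, result}, ...]}."""
    root = ET.fromstring(xml_text)
    # Reuse whatever namespace the root carries (XCCDF 1.1 and 1.2 differ).
    prefix = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""

    def tag(name):
        return prefix + name

    # Some tools emit <TestResult> as the root, others nest it in <Benchmark>.
    test_result = root if root.tag == tag("TestResult") else root.find(tag("TestResult"))
    if test_result is None:
        raise ValueError("no TestResult element in document")
    rules = []
    for rr in test_result.findall(tag("rule-result")):
        verdict = rr.findtext(tag("result")) or "unknown"
        rules.append({
            "rule": rr.get("idref", ""),
            "severity": (rr.get("severity") or "unknown").lower(),
            "result": verdict.strip().lower(),
        })
    score_text = test_result.findtext(tag("score"))
    return {
        "target": test_result.findtext(tag("target"), default=""),
        "score": float(score_text) if score_text else None,
        "rules": rules,
    }


def summarize(parsed):
    """Roll rule verdicts up into the numbers a compliance report needs."""
    counts = Counter(r["result"] for r in parsed["rules"])
    scored = [r for r in parsed["rules"] if r["result"] in SCORED]
    passed = sum(1 for r in scored if r["result"] == "pass")
    open_findings = sorted(
        (r for r in parsed["rules"] if r["result"] in OPEN),
        key=lambda r: (SEVERITY_RANK.get(r["severity"], 99), r["rule"]),
    )
    return {
        "target": parsed["target"],
        "counts": dict(counts),
        "pass_rate": round(100.0 * passed / len(scored), 1) if scored else None,
        "scanner_score": parsed["score"],
        "open_findings": [(r["severity"], r["rule"]) for r in open_findings],
        "worst_open_severity": open_findings[0]["severity"] if open_findings else None,
    }


def report(xml_text):
    return summarize(parse_xccdf_results(xml_text))


if __name__ == "__main__":
    s = report(SAMPLE_RESULTS)
    print(f"{s['target']}: {s['pass_rate']}% of scored rules pass (scanner score {s['scanner_score']})")
    for severity, rule in s["open_findings"]:
        print(f"  [{severity}] {rule}")
```

The pass rate is deliberately computed only over rules with a real verdict; reporting "5 of 6 rules not failing" for the constructed document above would hide that two of the four checked rules failed, one of them high severity.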
Information Security Automation Program
The Information Security Automation Program (ISAP, pronounced "I Sap") is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. While a U.S. government initiative, its standards-based design can benefit all information technology security operations. ISAP's high-level goals include standards-based automation of security checking and remediation as well as automation of technical compliance activities (e.g. FISMA). ISAP's low-level objectives include enabling standards-based communication of vulnerability data, customizing and managing configuration baselines for various IT products, assessing information systems and reporting compliance status, using standard metrics to weight and aggregate potential vulnerability impact, and remediating identified vulnerabilities. ISAP's technical specifications are contained in the related Security Content Automation Protocol (SCAP). ISAP's security automation content is either c ...
Security Control
Security controls or security measures are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information. Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency. Types of security controls: Security controls can be classified by various criteria. For example, controls can be classified by how/when/where they act relative to a security breach (sometimes termed ''control types''):
* ''Preventive controls'' are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders;
* ''Detective controls'' are intended to identify, characterize, and log an incident, e.g. flagging suspicious behavior by a malicious actor on ...
Threat (computer)
In computer security, a threat is a potential negative action or event enabled by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative "intentional" event (i.e. hacking by an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event ("incident" is often used as a blanket term). A ''threat actor'' is an individual or group that can perform the threat action, such as exploiting a vulnerability to actualise a negative impact. An ''exploit'' is the technique or code a threat actor uses to take advantage of a vulnerability and cause an incident; the vulnerability is the weakness, the exploit is what acts on it. Standard definitions: A more comprehensive definition, tied to an information assurance point of view, can be found in "''Federal Information Processing Standards (FIPS) 200, Mini ...
E-Government Act Of 2002
The E-Government Act of 2002 (H.R. 2458/S. 803) is a United States statute enacted on 17 December 2002, with an effective date for most provisions of 17 April 2003. Its stated purpose is to improve the management and promotion of electronic government services and processes by establishing a Federal Chief Information Officer within the Office of Management and Budget, and by establishing a framework of measures that require the use of Internet-based information technology to improve citizen access to government information and services, and for other purposes. The statute includes within it:
* FISMA (the Federal Information Security Management Act of 2002) as Title III, and
* CIPSEA (the Confidential Information Protection and Statistical Efficiency Act) as Title V.
Provisions
* ''To provide effective leadership of Federal Government efforts to develop and promote electronic Government services and processes by establishing an Administrator of a new Office of Electronic Gover ...
FIPS 199
FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems) is a United States Federal Government standard that establishes security categories for information and information systems used by the Federal Government, one component of risk assessment. FIPS 199 and FIPS 200 are mandatory security standards under FISMA. FIPS 199 requires Federal agencies to rate each information system against each of the three security objectives, confidentiality, integrity, and availability, as low, moderate, or high impact. The most severe rating across the three objectives becomes the information system's overall security categorization, which in turn drives the selection of minimum security controls under FIPS 200.
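The categorization is mechanical once the information types on a system have been rated, but the details matter for an accreditation package: a system usually holds several information types, each objective is the high-water mark across them, FIPS 199 allows a rating of "not applicable" only for the confidentiality of public information, and a system is never rated below low on any objective because its own processing functions still need protection. The following added example (not code from FIPS 199, NIST, or any agency tool) carries a constructed inventory through those rules to the overall categorization that selects the control baseline; the information types and their impact ratings are invented for illustration.

```python
"""FIPS 199 security categorization of an information system.

Added example; not code from FIPS 199, NIST or any agency tool. The
information types and impact ratings below are constructed. Rules applied:
each objective takes the high-water mark across information types, N/A is
permitted only for confidentiality, and a system is never below LOW.
"""
from dataclasses import dataclass

LEVELS = {"N/A": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
LEVEL_NAMES = {v: k for k, v in LEVELS.items()}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type and its FIPS 199 security category."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def impact(self, objective: str) -> str:
        """Validated impact level of this information type for one objective."""
        value = getattr(self, objective).upper()
        if value not in LEVELS:
            raise ValueError(f"{self.name}: {value!r} is not a FIPS 199 impact level")
        if value == "N/A" and objective != "confidentiality":
            # FIPS 199 allows N/A only for confidentiality (public information);
            # a loss of integrity or availability always has some impact.
            raise ValueError(f"{self.name}: N/A is only permitted for confidentiality")
        return value


def categorize_system(info_types):
    """Per-objective impact for a system holding the given information types."""
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    category = {}
    for objective in OBJECTIVES:
        highest = max(LEVELS[t.impact(objective)] for t in info_types)
        # System-level floor: even if every information type is N/A for
        # confidentiality, the system's own processing must be protected.
        category[objective] = LEVEL_NAMES[max(highest, LEVELS["LOW"])]
    return category


def overall_impact(category):
    """Overall categorization: the most severe rating across the objectives."""
    return LEVEL_NAMES[max(LEVELS[v] for v in category.values())]


def format_sc(system_name, category):
    """Render the category in FIPS 199's own SC = {(objective, impact), ...} notation."""
    pairs = ", ".join(f"({obj}, {category[obj]})" for obj in OBJECTIVES)
    return f"SC {system_name} = {{{pairs}}}"


# Constructed inventory for a hypothetical benefits-payment system.
SAMPLE_SYSTEM = [
    InfoType("public program brochures", "N/A", "LOW", "LOW"),
    InfoType("beneficiary PII", "MODERATE", "MODERATE", "LOW"),
    InfoType("payment instructions", "LOW", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    sc = categorize_system(SAMPLE_SYSTEM)
    print(format_sc("benefits system", sc))
    print("overall:", overall_impact(sc), "-> implement the", overall_impact(sc), "baseline")
```

For the constructed inventory the system comes out MODERATE for confidentiality, HIGH for integrity and MODERATE for availability, so the overall categorization, and therefore the baseline, is HIGH even though no single information type is HIGH in more than one objective. That is the point of the high-water mark: the baseline is driven by the worst consequence on the system, not by the typical data it holds.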
Public Buildings, Property, And Works
In public relations and communication science, publics are groups of individual people, and the public (a.k.a. the general public) is the totality of such groupings. This is a different concept from the sociological concept of the ''Öffentlichkeit'' or public sphere. The concept of a public has also been defined in political science, psychology, marketing, and advertising. In public relations and communication science, it is one of the more ambiguous concepts in the field. Although it has had definitions in the theory of the field since the early 20th century, in more recent years the idea of a public has been blurred by conflation with the notions of audience, market segment, community, constituency, and stakeholder. Etymology and definitions: The name "public" originates with the Latin ''publicus'' (also ''poplicus''), from ''populus'', related to the English word 'populace', and in general denotes some mass population ("the ...
SANS Institute
The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company founded in 1989 that specializes in information security and cybersecurity training and certification. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. As of 2021, SANS is the world's largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security. Programs: The SANS Institute sponsors the Internet Storm Center, an internet monitoring system staffed by a community of security practitioners, ...
Alan Paller
Alan Paller (September 17, 1945 - November 9, 2021) was a cyber security expert, the founder of the SANS Institute, and the founder and former president of the SANS Technology Institute. Biography: Alan Terry Paller was born on September 17, 1945 in Indianapolis, Indiana. In 1967, he graduated from Cornell University with a bachelor's degree in mechanical engineering. He received his master's degree in 1968 from the Massachusetts Institute of Technology. After graduation, he worked for the Institute for Defense Analyses, where he learned of security risks in computer systems for missile-defense needs. Paller co-founded the SANS Institute in 1989 with his wife to promote efficient system management and secure operations. In 2005, he founded the SANS Technology Institute, where he held the position of President Emeritus. His influence on the industry was recognized through various accolades and appointments, including testifying before the US Senate and House of Representatives and recei ...
OMB Circular A-130
OMB Circular A-130, titled Managing Information as a Strategic Resource, is one of many Government circulars produced by the United States Federal Government to establish policy for executive branch departments and agencies. Circular A-130 was first issued in December 1985 to meet information resource management requirements that were included in the Paperwork Reduction Act (PRA) of 1980. Specifically, the PRA assigned responsibility to the OMB Director to develop and maintain a comprehensive set of information resources management policies for use across the Federal government, and to promote the application of information technology to improve the use and dissemination of information in the operation of Federal programs (see the "Background" section of the Circular's Transmittal Memorandum No. 2 for brief historical information). The initial release of the Circular provided a policy framework for information resources management (IRM) across the Federal government. Since the time of ...