FISMA

Federal Information Security Management Act of 2002 Report Templates

Section A: System Inventory and IT Security Performance
Section B: Identification of Significant Deficiencies
Section C: OIG Assessment of the POA&M Process
Section D: IT Systems and Infrastructures
Section E: Incident Detection and Handling Procedures

Objectives
- The organization manages information system accounts, including authorizing, establishing, activating, modifying, reviewing, disabling, and removing accounts;
- The organization defines in the security plan, explicitly or by reference, the frequency of information system account reviews and the frequency is at least annually;
- The organization reviews information system accounts in accordance with organization-defined frequency; and
- The organization initiates required actions on information system accounts based on the review.

Download free OpenFISMA 2.3 Federal Information Security Management Act. The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

Basically there are 4 basic requirement for good information security program such as:
1. Periodic assessments of risk
2. Policies and procedures that are based on risk assessments
3. Security awareness
4. Periodic testing and evaluation

Below detail checklist for FISMA (Federal Information Security Management Act of 2002) based effective information security program