
TELSYS
2010

Information system security compliance to FISMA standard: a quantitative measure

To ensure that safeguards are implemented to protect against the majority of known threats, industry leaders are requiring information processing systems to comply with security standards. The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and its associated suite of guidance documents describe the minimum security requirements (controls) for non-national-security federal information systems mandated by the Federal Information Security Management Act (FISMA), enacted into law on December 17, 2002, as Title III of the E-Government Act of 2002. The subjective compliance assessment approach described in the RMF guidance, though thorough and repeatable, lacks a standard quantitative metric for describing an information system's level of compliance with the FISMA-required standard. Given subjective RMF assessment data, this article suggests the use of Pathfinder networks to generate a quantitative metric suitable to measure, ...
Elaine Hulitt, Rayford B. Vaughn
Added 22 May 2011
Updated 22 May 2011
Type Journal