FISMA Compliance
 
SEC. 301. INFORMATION SECURITY.

(a) SHORT TITLE. This title may be cited as the "Federal Information Security Management Act of 2002".

(b) INFORMATION SECURITY.

(1) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by adding at the end the following new subchapter:

"SUBCHAPTER III. INFORMATION SECURITY

"§3541. Purposes

"The purposes of this subchapter are to:

"(1) provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;

"(2) recognize the highly networked nature of the current Federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities;

"(3) provide for development and maintenance of minimum controls required to protect Federal information and information systems;

"(4) provide a mechanism for improved oversight of Federal agency information security programs;

"(5) acknowledge that commercially developed information security products offer advanced, dynamic, robust, and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built, and operated by the private sector; and

"(6) recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.
 
Organizations in all sectors of the economy depend upon information systems and communications networks, and share common requirements to protect sensitive information. ITL works with industry and government to establish secure information technology systems for protecting the integrity, confidentiality, reliability, and availability of information.

Under the Federal Information Security Management Act (FISMA) of 2002, the Computer Security Division of the Information Technology Laboratory (ITL) develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. Focus areas include cryptographic technology and applications, advanced authentication, public key infrastructure, internetworking security, criteria and assurance, and security management and support.

These publications present the results of NIST studies, investigations, and research on information technology security issues.

The publications are issued as Special Publications (Spec. Pubs.), NISTIRs (Internal Reports), and ITL (formerly CSL) Bulletins. Special Publications series include the Spec. Pub. 500 series (Information Technology) and the Spec. Pub. 800 series (Computer Security). Computer security-related Federal Information Processing Standards (FIPS) are also included.
 
The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation.
 
These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents that are not called out directly in the FISMA legislation are also being developed in support of the project.

These additional publications include NIST Special Publications 800-37, 800-53, and 800-53A. It should be noted that the Computer Security Division continues to produce other security standards and guidelines in support of FISMA. These publications can be located by visiting the division's Publications
 
To learn more: http://csrc.nist.gov
 