The handbook is based on relevant information security laws and regulations, including the Clinger-Cohen Act of 1996, the Federal Information Security Management Act (FISMA) of 2002, and Office of Management and Budget (OMB) Circular A-130. Its purpose is to help managers understand how to select and implement appropriate security controls and to clarify what compliance with security requirements entails.
Overall, the Information Security Handbook is an important tool that can help organizations improve information security, reduce security risk, and protect their business operations and data.
Security planning for federal information systems covers the categorization of applications and systems, delineates roles and responsibilities for security planning, discusses rules of behavior, details the approval process for system security plans including the selection of security controls, and emphasizes the importance of ongoing maintenance of the system security plan.
1. System security plans are dynamic documents that need periodic review, modification, and updates to the plans of action and milestones for implementing security controls. These plans should be developed and reviewed before proceeding with the security certification and accreditation process for the system. During that process, the system security plan is analyzed, updated, and accepted, ensuring that the security controls align with the Federal Information Processing Standards (FIPS) and other regulatory requirements.
2. Roles and responsibilities in security planning are specified, including those of the Chief Information Officer (CIO), who is responsible for developing and maintaining an agency-wide information security program. The CIO’s responsibilities include designating a Senior Agency Information Security Officer (SAISO), developing security policies and procedures, managing the implementation of common security controls, ensuring training for personnel with significant responsibilities for system security plans, and assisting senior agency officials with their system security plan responsibilities.