DOCUMENT INFORMATION
Basic information
Number of pages: 53
Size: 3.08 MB
Content
[...] chapter:
■ Terminology
■ Audit and Report Cards
■ A Standardized Process
■ Templates, Documents, and Paperwork
■ Certification and Accreditation Laws Summarized
1

409_Cert_Accred_01.qxd 11/2/06 2:17 PM Page 2
Chapter 1 • What Is Certification and Accreditation?

Introduction
Certification and Accreditation is a process that ensures that systems and major applications adhere to formal and established security...

[...] 109
Levels of Compliance 109
Management Controls 111
Operational Controls 112
Technical Controls 113
Correlation with Security Policies and Laws 113
Answering the Questions 114
Questions for Self-Assessment Survey 116
Summary ...

409_Cert_Accred_Pre.qxd 11/3/06 4:01 PM Page xxvi
Preface

Organization of This Book
This book contains 24 chapters. Chapter 1 (What Is Certification and Accreditation?) explains what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed. A brief history and chronology of the mandated laws will be...

[...] 148
Chapter 10 Addressing End-User Rules of Behavior 149
Introduction 150
Implementing Rules of Behavior 150
What Rules to Include 151
Rules for Applications, Servers, and Databases 151
Additional Rules for Handhelds 152
Additional Rules for Laptops and Desktop Systems 153
Additional...

[...] 3
Audit and Report Cards 6
A Standardized Process 7
Templates, Documents, and Paperwork 8
Certification and Accreditation Laws Summarized 9
Summary 10
Notes 11
Chapter 2 Types of Certification and Accreditation 13
Introduction...

[...] 160
Roles and Responsibilities 162
Agency CSIRC 162
Information System Owner and ISSO 163
Incident Response Manager 164
Definitions 165
Incident 165
Impact, Notification, and Escalation 166
Incident Handling...
[...] 168

409_Cert_Accred_TOC.qxd 11/3/06 4:38 PM Page xvi
Contents
Detecting an Incident 169
Containment and Eradication 171
Recovery and Closure 172
Forensic Investigations 173
Incident Types 176
Incident Response Plan Checklist 180
Security... 181
Summary 183
Additional Resources 183
Incident Response Organizations 183
Additional Resources 184
Articles and Papers on Incident Response 185
Notes 186
Chapter 12 Performing the Security Tests and Evaluation 187
Introduction...

[...] invaluable support and guidance throughout his career, his family for their love and support, and Olive for making every day special.

409_Cert_Accred_FM.qxd 11/3/06 3:32 PM Page x

Contents
Foreword xxiii
Preface xxv
Chapter 1 What Is Certification and Accreditation? 1
Introduction...

[...] Users 154
Consequences of Noncompliance 155
Rules of Behavior Checklist 155
Summary 156
Chapter 11 Addressing Incident Response 157
Introduction 158
Purpose and Applicability 158
Policies and Guidelines 159
Reporting Framework...

[...] stored, and executed in a computer system, but they may not be reproduced for publication.
1 2 3 4 5 6 7 8 9 0
ISBN: 1-59749-116-0
ISBN-13: 978-1-59749-116-7
Publisher: Andrew Williams
Page Layout and...

[...] Laura Taylor
Matthew Shepherd, Technical Editor
FISMA Certification & Accreditation Handbook

[...] Islands, and the Cook Islands.

Author
Laura Taylor is Director of Security Certification and Accreditation