InfoSec Learning Center




Key Points of FISMA Reforms of 2013



                        April 5, 2013
                                  Company Sensitive
               This document is the property of Trusted Integration, Inc.
           It should not be duplicated or distributed to any third-party entity
Background

• Known as H.R. 1163, the Federal Information Security Amendments Act of 2013.
• Approved by the House of Representatives on March 20, 2013.
• May alter the current FISMA landscape and how agencies and corporations are
  moving toward addressing the changing cyber climate.
• Historically, FISMA has relied on a paper-based approach to governance.
• CISOs have contended that the current FISMA law limits their ability to
  enhance the security posture of their organization.




Key Changes

• Extend the responsibility for cybersecurity to the head of the agency.
• Each agency is required to designate a Chief Information Security Officer (CISO).
• CISOs must possess the qualifications to conduct and implement the security
  program outlined.
• The CISO is responsible for the implementation of an agency-wide security
  program.
• Allow the use of automated technologies to support cyber threat assessments.
• OMB will oversee a Federal government incident response center where
  incidents can be maintained, and assist other agencies with their cyber
  incidents, with guidance from key organizations including NIST.




Responsibilities of CISO

• Overseeing the establishment and maintenance of a security operation that, through
  automated and continuous monitoring, can detect, contain and mitigate incidents that
  impair information security and agency information systems;
• Developing, maintaining and overseeing an agency-wide information security program;
• Developing, maintaining and overseeing information security policies, procedures and
  control techniques to address all applicable requirements;
• Training and overseeing personnel with significant responsibilities for information
  security;
• Assisting senior agency officials on cybersecurity matters;
• Ensuring the agency has a sufficient number of trained and security-cleared personnel to
  assist in complying with federal cybersecurity law and procedures;
• Reporting at least annually to agency executives the effectiveness of the agency
  information security program; information derived from automated and continuous
  monitoring, including threat assessments; and progress on actions to remediate threats.

Source: “CISOs: FISMA Reforms Establishes CISO Responsibilities”, Process Unity press release, March 21, 2013.



OMB Federal Incident Security Center

• Provide guidance and assistance to other agencies on detecting and handling security
  incidents.
• Compile information on security incidents (and presumably define metrics and
  share best practices with other agencies).
• Inform other agencies about the current and potential threat landscape.
• Work with NIST and any other agencies.
• Operators of national security systems must also report incidents to the same Center.
• The Director of the Center is responsible for defining and implementing policies and
  procedures consistent with H.R. 1163.




About TrustedAgent GRC

TrustedAgent Governance, Risk and Compliance (GRC) provides organizations with a
central technology platform to manage the organization’s security assessment,
authorization, and continuous monitoring for risk and compliance management across the
enterprise using several standards including FedRAMP, ISO 27001, HIPAA/HITECH, PCI
DSS, COBIT, NERC, and FISMA.

TrustedAgent GRC collects and aggregates results from other ancillary tools such as asset
management, configuration management, vulnerability management, and other information
security tools and processes for analysis and understanding of the enterprise risk profile,
conducting compliance and remediation, and management reporting.

TrustedAgent GRC provides a structured, consistent, and time-saving approach to
implementing compliance deliverables, accelerates the process of securing authorization, and
maintains ongoing support for security assessment and continuous monitoring to meet the
challenges of governance for commercial enterprises and government agencies.




Governance and Security Standards




About Trusted Integration

Since 2001, Trusted Integration has been a leader in providing Governance, Risk and
Compliance management solutions for government and commercial organizations,
specializing in superior-quality, cost-saving information risk management solutions for
Federal Government compliance (FISMA, DIACAP, and FedRAMP). In addition, Trusted
Integration provides compliance solutions supporting the payment card industry data
security standard (PCI DSS), health care HIPAA/HITECH, and information technology
governance including COBIT and ISO 27001.

For more information, visit us at www.trustedintegration.com.

Trusted Integration, Inc.
525 Wythe Street
Alexandria, VA 22314
(703) 299-9171
solutions@trustedintegration.com




 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

FISMA Reforms Key Changes

1. InfoSec Learning Center: Key Points of FISMA Reforms of 2013
April 5, 2013
Company Sensitive. This document is the property of Trusted Integration, Inc. It should not be duplicated or distributed to any third-party entity.

2. Background
• Known as H.R. 1163 – Federal Information Security Amendments Act of 2013.
• Approved by the House of Representatives on March 20, 2013.
• May alter the current FISMA landscape and how agencies and corporations are moving toward addressing the changing cyber climate.
• Historically, FISMA has relied on a paper-based approach to governance.
• CISOs have contended that the current FISMA law limits their ability to enhance the security posture of their organization.

3. Key Changes
• Extends the responsibility for cybersecurity to the head of the agency.
• Each agency is required to designate a Chief Information Security Officer (CISO).
• CISOs must possess the qualifications to conduct and implement the security program outlined.
• The CISO is responsible for the implementation of the agency-wide security program.
• Allows the use of automated technologies to support cyber threat assessments.
• OMB will oversee a Federal government incident response center where incidents can be maintained, and assist other agencies with their cyber-incidents, with guidance from key organizations including NIST.

4. Responsibilities of the CISO
• Overseeing the establishment and maintenance of a security operation that, through automated and continuous monitoring, can detect, contain and mitigate incidents that impair information security and agency information systems;
• Developing, maintaining and overseeing an agency-wide information security program;
• Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements;
• Training and overseeing personnel with significant responsibilities for information security;
• Assisting senior agency officials on cybersecurity matters;
• Ensuring the agency has a sufficient number of trained and security-cleared personnel to assist in complying with federal cybersecurity law and procedures;
• Reporting at least annually to agency executives on the effectiveness of the agency information security program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats.
Source: “CISOs: FISMA Reforms Establishes CISO Responsibilities”, Process Unity Press Release, March 21, 2013.

5. OMB Federal Incident Security Center
• Provide guidance and assistance to other agencies on detecting and handling security incidents.
• Compile information on security incidents (and presumably define metrics and share best practices with other agencies).
• Inform other agencies about the current and potential threat landscape.
• Work with NIST and any other agencies.
• Operators of national security systems must also report incidents to the same Center.
• The Director of the Center is responsible for defining and implementing policies and procedures consistent with H.R. 1163.

6. About TrustedAgent GRC
TrustedAgent Governance, Risk and Compliance (GRC) provides organizations with a central technology platform to manage the organization’s security assessment, authorization, and continuous monitoring for risk and compliance management across the enterprise, using several standards including FedRAMP, ISO 27001, HIPAA/HITECH, PCI DSS, COBIT, NERC, and FISMA. TrustedAgent GRC collects and aggregates results from ancillary tools such as asset management, configuration management, vulnerability management, and other information security tools and processes for analysis and understanding of the enterprise risk profile, conducting compliance and remediation, and management reporting. TrustedAgent GRC provides a structured, consistent, and time-saving approach to implementing compliance deliverables, accelerates the process of securing authorization, and maintains ongoing support for security assessment and continuous monitoring to meet the challenges of governance for commercial enterprises and government agencies.

7. Governance and Security Standards

8. About Trusted Integration
Since 2001, Trusted Integration has been a leader in providing Governance, Risk and Compliance management solutions for government and commercial organizations, specializing in superior-quality, cost-saving information risk management solutions for Federal Government compliance (FISMA, DIACAP, and FedRAMP). In addition, Trusted Integration also provides compliance solutions supporting the payment card industry data security standard (PCI-DSS), health care HIPAA/HITECH, and information technology governance including COBIT and ISO 27001. For more information, visit us at www.trustedintegration.com.
Trusted Integration, Inc.
525 Wythe Street
Alexandria, VA 22314
(703) 299-9171
solutions@trustedintegration.com