
FISMA and NIST Relationship

Student’s Name

Institution


With the global increase in e-retail sales, there is a need for an experienced customer base as well as an optimized strategy. Regulatory procedures are established so that organizations and business people comply with the requirements of business courtesy. These compliance regulations cover many fields, among them health, business systems, and safety. To stay ahead of emerging threats that can affect the security of the nation and of the business and commerce field (Barrett et al., 2017), FISMA and NIST provide the regulations that federal agencies navigate.

Within the national government, the Federal Information Security Management Act (FISMA) assigns responsibilities to government agencies, requiring them to develop and apply information security measures aimed at managing risk. The National Institute of Standards and Technology (NIST) makes information security standards available. It outlines strategies for protecting several categories of information so that FISMA requirements are met. It is NIST's responsibility to review and examine the standards set under FISMA to ensure that the rules are correct and that agency officials can readily adhere to them. The process of assessing these standards draws on feedback from the affected public and private sectors (Grassi et al., 2017). The resulting guidance and recommendations are issued in NIST's Special Publications.

NIST develops the FISMA-related publications, which are consistent with the requirements of the Office of Management and Budget (OMB). This work is done in accordance with NIST's statutory responsibilities under FISMA. Although NIST develops the Federal Information Processing Standards, the appropriate federal officials must approve their use for national security systems; without such approval, NIST standards and guidelines do not apply to those systems.

FISMA established a management framework as a critical element of implementing its projects. NIST in turn developed the Risk Management Framework, which brings together all of the related FISMA guidance and security standards. In doing so, it helps agencies promote and improve information security programs that are both comprehensive and balanced. To maintain an effective FISMA program, NIST categorizes an information system according to the impact of a particular loss (Gandhi et al., 2016). It selects a baseline of security controls aimed at safeguarding the information system, and it may choose to tailor that baseline. To ensure the baseline provides adequate security, NIST uses the results of a risk assessment to supplement the controls. The security requirements for the baseline are documented and implemented, and the corresponding configuration settings are applied. The effectiveness of the security controls is then determined, along with the agency's risk to operations, individuals, and assets. If the risk is acceptable, NIST authorizes the information system to operate. NIST then continuously tracks any changes to the system (Shankar, 2016) that might affect the baseline. Any such change triggers a reassessment of control effectiveness.

NIST's work is not limited to FISMA compliance. NIST also issues Special Publications and the Cybersecurity Framework, which form the basis for numerous other requirements. These publications are intended to help anyone who wishes to develop a cybersecurity program of their own, and they have the advantage of being available even to those who do not fall under the compliance requirements (Grassi et al., 2017). Following an increase in attacks on software vulnerabilities, FISMA and NIST advise federal agencies to place strong emphasis on application security. By evaluating their software with third-party application security providers, agencies will be well prepared for any new threats (Barrett et al., 2017) that target their applications, and they can set strict requirements accordingly. As a result, their FISMA security posture improves.

References

Barrett, M., Marron, J., Pillitteri, V., Boyens, J., Witte, G., & Feldman, L. (2017). The cybersecurity framework: Implementation guidance for federal agencies (NISTIR 8170, Draft). National Institute of Standards and Technology.

Gandhi, R., Crosby, K., Solutions, T. G. R., Siy, L. H., & Mandal, S. (2016). Driving secure software initiatives using FISMA: Issues and opportunities. CrossTalk, 37.

Grassi, P. A., Garcia, M., & Fenton, J. (2017). Draft NIST Special Publication 800-63-3: Digital identity guidelines. National Institute of Standards and Technology, Los Altos, CA.

Shankar, A. (2016). Building a NIST Risk Management Framework for HIPAA and FISMA compliance.