FISMA Authorization Process Guide: A Review for the ISC2 CAP Certification Exam, September 2015 Version
This September 2015 edition of the FISMA Authorization Process Guide: A Review for the (ISC)2® CAP® Certification Exam reflects all the new changes in FISMA and CAP requirements. In February 2010, the U.S. Government (Office of Management and Budget (OMB), Department of Homeland Security (DHS), Department of Defense (DoD), Committee of National Security Systems (CNSS), and the National Institute of Standards and Technology (NIST)) advanced the future status of U.S. cyber security by issuing the joint Authorization process for the government, public and private sectors in NIST SP 800-37, Revision 1. Additionally, the FISMA process has dramatically evolved over the past five years to include major advancements toward achieving true information security continuous monitoring to provide near-real-time security awareness for all, and cloud computing security.

This authorization process is based on the key concepts of mission/business- and risk-based, cost-effective, enterprise information system security. Uniquely, this new process was developed with the progressive vision that future information systems will have:

- Automated presentation of security status;
- Proactive and preventative configuration control to prevent unauthorized changes or additions;
- Automated updating and patching;
- Near-real-time awareness from an enterprise level; and,
- Continuous security monitoring and ongoing authorization.

This guide was written specifically to support educational classes and security professionals with the objective of providing individuals with the knowledge required to prepare for the CAP examination, based on the updated September 2015 CAP Candidate Information Bulletin (CIB).