In Part II (3.0 – 3.7) we focus on the plans and efforts of the NIST Computer Security Division to implement the Federal Information Security Management Act (FISMA). NIST has created what it describes as the "FISMA Implementation Project", which it has broken down into three phases: Phase I covers security standards and guidelines, Phase II delves into the organizational accreditation program, and Phase III is called the Security Tool Validation Program. We also review the Department of Defense (DoD) security certification and accreditation program (DITSCAP). We then take a look at funding sources for implementing FISMA and at how the private sector is reacting to FISMA.
Part III of this thesis (4.0 – 5.0) takes a deep look at the impact of FISMA on federal government agencies and departments and at their compliance efforts. We examine a few case studies and then move on to the private sector's compliance initiatives, including software produced by the private software industry to help government agencies and departments achieve compliance more easily. Our methodology is to trace how the various policies, circulars, and presidential executive orders shaped the management of information and information systems in the federal government. We analyze the US Government Accounting Office (GAO, 2006) report and the House "FISMA Report Card" (Federal Computer Security Grades: 2001 – 2005).
In the thesis conclusion, we show that FISMA has in fact reduced, albeit slowly, the information security risk in federal agencies.