FISMA Certification and Accreditation Handbook and thousands of other textbooks are available for instant download on your iPad, PC or Mac. Get your free Kindle app.

Quantity:

Buy New


	Amazon Prime Free Trial required. Sign up when you check out. Learn More

Kindle Edition

Read instantly on your iPad, PC or Mac, no Kindle required

Buy Price:

$48.88

Buy Used

Used - Good See details

$41.97 & this item ships for FREE with Super Saver Shipping. Details

Fulfilled by Amazon

More Buying Choices

Have one to sell? Sell yours here

Share your own customer images

Search inside this book

FISMA Certification & Accreditation Handbook [Paperback]

L. Taylor (Author)

3.6 out of 5 stars See all reviews (7 customer reviews) |

List Price:	$69.95
Price:	$54.31 & this item ships for FREE with Super Saver Shipping. Details
Deal Price:
You Save:	$15.64 (22%)
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Want it delivered Monday, February 27? Choose One-Day Shipping at checkout. Details

FREE Two-Day Shipping for students on millions of items. Learn more

Formats	Amazon Price		New from	Used from
Kindle Edition	$48.88		--	--
Paperback	$54.31		--	--

Book Description

Publication Date: December 12, 2006 | ISBN-10: 1597491160 | ISBN-13: 978-1597491167 | Edition: 1

The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements.

This book will explain what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the C&A project is complete, the reader will learn to perform the security tests and evaluations, business impact assessments system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally the reader will learn to audit their entire C&A project and correct any failures.

* Focuses on federally mandated certification and accreditation requirements
* Author Laura Taylor's research on Certification and Accreditation has been used by the FDIC, the FBI, and the Whitehouse
* Full of vital information on compliance for both corporate and government IT Managers

#outer_postBodyPS { display: none; } #psGradient { display: none; } #psPlaceHolder { display: none; } #psExpand { display: none; } The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements.

This book will explain what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the C&A project is complete, the reader will learn to perform the security tests and evaluations, business impact assessments system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally the reader will learn to audit their entire C&A project and correct any failures.

* Focuses on federally mandated certification and accreditation requirements
* Author Laura Taylor's research on Certification and Accreditation has been used by the FDIC, the FBI, and the Whitehouse
* Full of vital information on compliance for both corporate and government IT Managers

Frequently Bought Together

Price For All Three: $144.26

Show availability and shipping details

Buy the selected items together

This item: FISMA Certification & Accreditation Handbook by L. Taylor Paperback $54.31

In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details
The Definitive Guide to the C&A Transformation by Julie E Mehan Paperback $69.95

In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details
Certification & Accreditation of Federal Information Systems Volume I by Joint Task Force Transformation Initiative Interagency Working Group Paperback $20.00

In Stock.
Ships from and sold by Amazon.com.
Eligible for FREE Super Saver Shipping on orders over $25. Details

Customers Who Bought This Item Also Bought

The Definitive Guide to the C&A Transformation by Julie E Mehan
5.0 out of 5 stars (6)

$69.95
FISMA Principles and Best Practices: Beyond... by Patrick D. Howard
5.0 out of 5 stars (1)

$56.15
The CISSP and CAP Prep Guide: Platinum Edition by Ronald L. Krutz
4.5 out of 5 stars (6)

$34.56
Certification & Accreditation of Fede... by Joint Task Force Tran...
5.0 out of 5 stars (1)

$20.00
Certification & Accreditation of Fede... by Joint Task Force Tran...
4.0 out of 5 stars (1)

$20.00
CISSP All-in-One Exam Guide, Fifth Edition by Shon Harris
3.9 out of 5 stars (52)

$41.78

Product Details

Paperback: 504 pages
Publisher: Syngress; 1 edition (December 12, 2006)
Language: English
ISBN-10: 1597491160
ISBN-13: 978-1597491167
Product Dimensions: 8.8 x 7 x 1.5 inches
Shipping Weight: 1.4 pounds (View shipping rates and policies)

Average Customer Review: 3.6 out of 5 stars See all reviews (7 customer reviews)

Amazon Best Sellers Rank: #789,865 in Books (See Top 100 in Books)

Would you like to update product info or give feedback on images?

Customer Reviews

7 Reviews

5 star:		(2)
4 star:		(3)
3 star:		(0)
2 star:		(1)
1 star:		(1)

Average Customer Review

3.6 out of 5 stars (7 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

11 of 13 people found the following review helpful:

4.0 out of 5 stars Horrible law, good book, March 9, 2007

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)

This review is from: FISMA Certification & Accreditation Handbook (Paperback)

I am no fan of the FISMA law. I've posted several stories on my blog explaining why I think FISMA is a waste of taxpayer money. Laura Taylor's FISMA Certification and Accreditation Handbook, however, is a good book if you are unfortunate enough to be tasked with performing FISMA work.

The core of this book is understanding the C&A process. C&A is essentially a giant preparatory paperwork exercise conducted before "game day." When the game is being played (i.e., when .gov systems are being compromised) FISMA demonstrates its irrelevance. Still, it would be nearly impossible to understand FISMA and C&A by looking at agency documentation and applicable laws. The Handbook lays out FISMA and C&A in an easy-to-understand manner, probably sharply reducing the slope of the learning curve for the FISMA and C&A newbie.

One of my favorite aspects of the Handbook is the use of templates. If you need to build a C&A program from (nearly) scratch, or if you want to apply best practices to an existing program, the Handbook's templates and suggested language will be invaluable. The Handbook also includes many tables of examples and checklists that could be dropped right into relevant documents.

I considered giving the Handbook five stars, even though I detest FISMA and C&A. Given the technical errors and oddities I found, I could only offer four stars. The Handbook claims to have been reviewed by a technical editor, but several comments made me question the level of attention paid to technical details. Ch 12 (Performing the Security Tests and Evaluation) features the comment "Many network scanners also scan for open ports" (p 200). I should hope so; otherwise, they might not know what to examine. One of the suggested port scanners is Strobe, which was popular in 1997 (no lie). I really liked this comment on p 207, which I assume is meant to reassure those tasked with C&A: "Don't get bogged down trying to figure out how a port listener differs from a port scanner." If a so-called "security consultant" doing C&A doesn't know the difference, they need to hang it up immediately. The "Suspicious Events That Are Worth Auditing" chart on p 348 really made me laugh. Item "SE 6" says "Invalid IP addresses that are not in the range of acceptable octets, for example: 295.128.16.0." Are they SERIOUS?

In brief, if you are stuck doing C&A for FISMA, take a look at the Handbook. If you are tasked with doing anything remotely technical regarding FISMA, you won't find help in this book.

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

7 of 8 people found the following review helpful:

5.0 out of 5 stars Excellent Reference, March 31, 2008

J. Fowler (Washington D.C.) - See all my reviews

This review is from: FISMA Certification & Accreditation Handbook (Paperback)

I bought this book because I needed to know how to get through the C&A process from start to finish. I'd read some of the NIST publications, and although they are great publication, they really don't tell you where to start, and what to do next. The NIST pubs also don't have very many practical examples in them. Some of the things I like best about this book are the checklists, the templates, and the fact that it is written so that it is easily understandable. It is not written using geek-o-snob rhetoric that make many computer books difficult to understand.

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

5 of 6 people found the following review helpful:

5.0 out of 5 stars Excellent FISMA Book, February 8, 2009

E. Yakabovicz "E. Yakabovicz" (Philadelphia, DE United States) - See all my reviews
(REAL NAME)

Amazon Verified Purchase(What's this?)

This review is from: FISMA Certification & Accreditation Handbook (Paperback)

This has to be the hands-down, best FIMSA C&A book that I have seen on the market. It not only covers the NIST standards, but others such as DCID. It provides the reasons why, the how top's, and excellent checklists to determine if you are on track, or lost in the details of C&A. Many people are lost when it comes to C&A, but this book will provide the necessary bread crumbs to bring C&A home ! I recommend this book for experts as well as novices, only because it provides the very basic's that we sometimes forget.

If you are interested in INFOSEC/Information Assurance and attempting to understand the voodoo of C&A, this book is a good resource to start your journey !

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

Share your thoughts with other customers: Create your own review

› See all 7 customer reviews...

Most Recent Customer Reviews

2.0 out of 5 stars It was pretty good when it came out....
Regardless of what the techno-centric, "just do it and don't bother me" crowd may think, FISMA is a sound piece of work building on decades of prior law. Read more

Published 2 months ago by Stuphologist

4.0 out of 5 stars FISMA Prep
I thought it was a great introduction to this field that is full of acronyms

Published on November 22, 2009 by Charles Martin

1.0 out of 5 stars Poorly written, outdated, don't waste your time
This book is poorly written and outdated. There is very little relevance to what is currently happening in the world of C&A. Read more

Published on April 20, 2009 by cnock

4.0 out of 5 stars Good FISMA Reference
'Fisma Certification & Accreditation Handbook' isn't the type of book that you would pick up for weekend reading but it covers the material that it says it does. Read more

Published on March 21, 2007 by Daniel McKinnon

› See all 7 customer reviews...

Front Cover | Table of Contents | First Pages | Index | Surprise Me!

Inside This Book (learn more)

Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
system security plan, system risk assessment, incident response plan, business risk assessment, privacy impact assessment, business impact assessment, certification agent, security assessment report, federal web sites, software baseline, mission criticality, security categories, personally identifiable information, annual loss expectancy, security scanning, security profile, information system owner, certification package, persistent tracking technologies, federal computer security report cards, user enrollment process, agency security policies, positive accreditation, general support systems, interconnection state

Key Phrases - Capitalized Phrases (CAPs): (learn more)
Contingency Plan, Special Publication, Comments Requirement, Configuration Management Plan, Agency Name, Determining the Certification Level, Addressing Incident Response, Controls Fail, Operations Fail, Technical Pass, Federal Computer Security Report Card, O'Reilly Media, Sensitive But Unclassified, Department of Defense, Public Law, National Institute of Standards, Rules of Behavior, Interim Authority, Top Secret, Windows Server, Executive Order, Plan of Action, Computer Security Incident Handling Guide, Privacy Policy, Intranet Journal

Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Surprise Me!

What Other Items Do Customers Buy After Viewing This Item?

The Definitive Guide to the C&A Transformation by Julie E Mehan Paperback
5.0 out of 5 stars (6)

$69.95

The CISSP and CAP Prep Guide: Platinum Edition by Ronald L. Krutz Hardcover
4.5 out of 5 stars (6)

$34.56

FISMA Principles and Best Practices: Beyond Compliance by Patrick D. Howard Hardcover
5.0 out of 5 stars (1)

$56.15

Official (ISC)2� Guide to the ISSAP� CBK ((ISC)2 Press) by Harold F. Tipton Hardcover
3.6 out of 5 stars (5)

$58.97

› Explore similar items

Tags Customers Associate with This Product

(What's this?)

Click on a tag to find related items, discussions, and people.

fisma(2)

bejtlich(1)

infosec(1)

nist(1)

taosecurity(1)

Agree with these tags?

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }

Customer Discussions

This product's forum

Discussion	Replies	Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight

Start a new discussion

Topic:

First post:

Receive e-mail when new posts are made

Prompts for sign-in

Guidelines

Active discussions in related forums

Discussion	Replies	Latest Post
Textbook forum Textbook Buyback	6	2 days ago
Textbook forum What is an a la carte textbook?	3	3 days ago
Textbook forum the book have the student access code?	1	5 days ago
Textbook forum Never buy school textbooks. Download them to your reading device or computer	6	7 days ago
Textbook forum Never Again	35	18 days ago