Success Strategies for Meeting the 2013 FISMA Requirements

Over the past year, Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) have made major advances in improving and simplifying the future security requirements for government information technology (IT).  They have identified new standards, strategies, and solutions that have reduced the FISMA requirements on the government organizations by over 50 percent and the risk to systems by much more.  These include the following:

• NIST published new guidelines on how to do risk assessments (NIST SP800-30), security controls (NIST SP800-53) and information security continuous monitoring planning (NIST SP800-137).
• DHS published new FISMA reporting metrics for CIOs and OIGs in November 2012, evolved the Federal FISMA review process, established common information monitoring requirements, and has initiated the contracting of centrally funded solutions for monitoring all government IT systems.
• Both have increase the availability of effective automated security solutions for reducing the security work load and risk to IT systems.

How do you leverage all of these advances to successfully meet your 2013 FISMA requirements and ensure that your approach to securing your systems is practical and simplified?  

This 2-day course provides you with specific and practical strategies for leveraging the changes into meeting your individual and enterprise FISMA responsibilities in 2013. Attendees will gain a practical understanding of the strategies by working real-world examples during group activities and by reviewing actual samples of the key FISMA documents:  

• System Security Plan (SSP),
• Plan of Action and Milestones (POAM),
• Security Assessment Report (SAR), and
• Information Security Continuous Monitoring (ISCM) Plans.

Speakers from DHS and NIST will be providing current information and guidance related to trends and the new FISMA reporting metrics, processes, and standards.  The course instructor brings real-world practical experience from supporting over 300 FISMA authorizations and continuous monitoring programs for systems in military, public and private sectors.  Using his experience, he will provide practical examples and 2013 strategies for solving your individual and enterprise IT security solutions for real-world systems to demonstrate how to meet FISMA requirements in a smarter and more effective way.