In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Third International Conference on Human Aspects of Information Security & Assurance (HAISA 2009)
Title: Information System Security Compliance to FISMA Standard: A Quantitative Measure
Author(s): Elaine Hulitt, Rayford Vaughn
Keywords: Risk Assessment, Secure Architecture Modeling, Metrics and Architectures
Abstract: To ensure that safeguards are implemented to protect against a majority of known threats, industry leaders are requiring information processing systems to comply with security standards. The National Institute of Standards and Technology Federal Information Risk Management Framework (RMF) and the associated suite of guidance documents describe the minimum security requirements (controls) for non-national-security federal information systems mandated by the Federal Information Security Management Act (FISMA), enacted into law on December 17, 2002, as Title III of the E-Government Act of 2002. The subjective compliance assessment approach described in the RMF guidance, though thorough and repeatable, lacks the clarity of a standard quantitative metric to describe for an information system the level of compliance with the FISMA-required standard. Given subjective RMF assessment data, this article suggests the use of Pathfinder networks to generate a quantitative metric suitable to measure, manage, and track the status of information system compliance with FISMA.
Download count: 2378
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.