FISMA Certification Process

As an internal auditor for a small business enterprise, the main objectives and roles expected of this position are to provide an independent, objective, consulting-oriented assurance activity designed to improve the operations of the business and add business value. This in turn helps the company realize its goals and objectives by bringing a disciplined, systematic approach to evaluating and improving the effectiveness of governance, control, and risk management processes, with particular regard to the FISMA compliance requirements. FISMA compliance is a set of data security guidance protocols brought forward by the National Institute of Standards and Technology alongside FISMA.

FISMA compliance mainly requires all federal agencies to implement internally a set of information security plans aimed at protecting sensitive business data and information technology resources. To define and provide the appropriate steps and logic for the business to reach the required FISMA compliance level, the first and most critical aspect to identify is the organization's current readiness, or position, in the certification process. For this purpose, the Strategic Alignment Maturity Model is used (Chumo, 2016). The strategic alignment maturity model was developed by Luftman and is based on 12 essential elements of business and IT alignment.

The components and elements of this model form the building blocks of the general strategic alignment maturity model. The model can readily be applied to survey where the business currently stands with regard to the FISMA compliance requirements and, once its maturity is understood, with regard to the business's own maturity level.

The model consists of six major alignment areas, each containing multiple attributes, so the business must pay close attention to each of the defined areas. Within each area there is also a set of clearly defined maturity levels. Once the business is evaluated against these levels, it falls into one of the following five maturity levels:

  1. Initial level – here IT and business are neither harmonized nor aligned.
  2. Committed level – the business is identified as committed to becoming aligned.
  3. Established focused level – here the business is strongly focused on its business objectives and has developed its strategic alignment maturity.
  4. Managed or improved level – at this level the business reinforces its concept and understanding of IT as a value center.
  5. Optimized level – characterized by co-adaptive and integrated IT and strategic business planning.

Currently, as the business has already established its own internal Standard Operating Procedures (SOPs), policies, and business procedures, it holds a level 3 strategic alignment maturity (Ramsey, 2017), and additional work is therefore required to reach an optimized state favorable to FISMA compliance. The two remaining levels of maturity focus on the importance of IT assets as imaginative and innovative contributors to success (level 4), and on leveraging those IT assets in enterprise-wide practices with the aim of extending their reach to the supply chain of suppliers, clients, partners, and customers (level 5).

The strategic alignment maturity model will also be used to provide the business with a roadmap identifying opportunities that can be adopted to enhance the relationship between IT and the business and, as a result, to meet the compliance requirements set forth by FISMA. The diagram below will be used as a roadmap for achieving this desired business state.

As with every business project, procedure, and policy establishment, there is always the potential for risk. Reaching the level 5 maturity goals is supported by the FISMA compliance goals as well, which require that a business implement a risk management program aimed at protecting its information systems and information from disruption, unauthorized access, disclosure, and destruction (Futch, 2018). The risk management framework to be used will incorporate and adopt the NIST security controls defined in SP 800-53, which FISMA supports as a compliance requirement.

The RMF process mainly serves as a federal mandate for all businesses and corporations handling federally associated information and data; hence, the operations should be handled professionally and without undue haste. This approach will be used to address risk-related concerns while at the same time providing a disciplined, consistent, and structured process for integrating risk management activities into the SDLC. It is expected to take approximately 8 months.

A series of internal auditing operations, carried out with the help of specific internal technology teams and stakeholders, will be applied in the risk assessment process (Howard, 2016). These are: operational audits, which require gathering information from various departments, officials, and employees to evaluate whether internal control is working as intended and is sufficient to support the business goals and objectives, whether activities within the company adhere to the FISMA compliance requirements, and whether operating procedures are performed consistently; performance audits, which evaluate the actual performance of the organization against the set goals; and information technology audits, which depend heavily on the skills and expertise of the IT department to determine whether information systems and assets are operating securely.

All activities undertaken by the organization to ensure regulatory compliance are designed to follow the FISMA certification and accreditation process. The process involves a total of four phases: the Initiation Phase, which includes resource identification, preparation, and system analysis; the Security Certification Phase, which includes certification documentation and security control assessment; the Security Accreditation Phase, which includes accreditation documentation and the accreditation decision; and the Continuous Monitoring Phase, which provides security management, system configuration, reporting, and monitoring.

References

Chumo, K. P. (2016). Information systems strategic alignment maturity levels: Corporate and project implementation perspectives. Information Systems, 6(2), 81-91.

Futch, J. E., Gonczi, A. J., Mason, R. J., & Stuckenberg, I. C. (2018). U.S. Patent No. 10,083,481. Washington, DC: U.S. Patent and Trademark Office.

Howard, P. D. (2016). FISMA principles and best practices: Beyond compliance. Auerbach Publications.

Ramsey, S., & Shankar, A. (2017). HIPAA and FISMA: Computing with Regulated Data (A CCoE Webinar Presentation).