Closing the Circle of Compliance: SCAP, XCCDF, OVAL and ACR2

Information security is one of the great vulnerabilities of modern civilization. In 2004 cybercrime exceeded illegal drugs as the leading criminal enterprise (1). Now, in 2007, this problem has spawned a wide variety of regulations and technologies to deal with information security issues.

The general form of an information security compliance program is similar across a large number of regulatory frameworks, including the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI DSS), the Federal Information Security Management Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA). In each case a risk assessment (step 1) identifies and quantifies the risks; safeguards are then implemented (step 2) to address those risks; the safeguards implemented in step 2 are then subjected to vulnerability testing (step 3); and the results of that testing feed back into a revised risk assessment, after which the cycle begins again.
Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.