US Federal Test 18
5 min, 40 WPM required, 315 words
The Federal Information Security Modernization Act, known as FISMA, establishes the framework for protecting the information and information systems used by federal agencies against cybersecurity threats, imposing requirements for risk management, security planning, continuous monitoring, and reporting that apply to every federal agency and to contractors that operate information systems on behalf of federal agencies. System security plans are foundational documents that describe the security controls implemented on a federal information system, the environment in which the system operates, and the connections between the system and other systems, providing the basis for the authorization to operate determination that must be made before a system can be deployed in a production environment. Authorization to operate, commonly called ATO, is a formal management decision made by a designated authorizing official who accepts responsibility for the security risks associated with operating a system based on a review of the system security plan and supporting security assessment documentation. Continuous monitoring has replaced the older concept of periodic reauthorization as the primary mechanism for maintaining assurance of system security, with agencies implementing automated tools to continuously scan for vulnerabilities, track security control status, and generate reports that support ongoing risk management decisions. The National Institute of Standards and Technology develops and maintains the cybersecurity standards and guidelines that form the technical basis for FISMA compliance, including the Risk Management Framework that agencies use to categorize systems based on the potential impact of a security breach and to select and implement appropriate security controls. 
FISMA requires each agency to report annually to the Office of Management and Budget and Congress on the status of its information security program, and inspectors general conduct independent evaluations of agency FISMA compliance that are included in these annual reports. Federal employees who handle sensitive information are expected to follow agency security policies and complete annual security awareness training as part of their FISMA compliance obligations.