
How can agencies use SCAP FDCC content to automate FISMA compliance of technical controls?


SCAP tools, which agencies use to continuously monitor FDCC settings, can output FISMA technical control compliance evidence. The FDCC SCAP content has FISMA compliance mappings embedded in it so that SCAP-compatible tools can automatically generate NIST Special Publication (SP) 800-53 assessment and compliance evidence. Each low-level security configuration check is mapped to the appropriate high-level NIST SP 800-53 security controls. As draft NIST SP 800-53A progresses towards final publication, there will be a direct linkage, where appropriate, of the assessment procedures found in NIST SP 800-53A to the SCAP automated testing of information system mechanisms and associated security configuration settings. In addition, the FDCC SCAP content also contains mappings to other high-level policies (e.g., ISO, DOD 8500, FISCAM) and SCAP tools may also output those compliance mappings. There exists additional SCAP content that can also be used by agencies to automate FISMA technical contro
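An added example, not part of the original answer or of the FDCC content itself: a roll-up of per-rule scan results into per-control SP 800-53 evidence, the kind of output the answer describes. The benchmark, rule ids and results are constructed, and carrying each control id in an XCCDF `reference` element is a simplifying assumption about how the mapping is embedded.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}  # XCCDF 1.1 namespace

# Constructed sample: four rules mapped to controls, plus one scan's results.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample-benchmark">
  <Rule id="rule-account-lockout-threshold"><reference>AC-7</reference></Rule>
  <Rule id="rule-min-password-length"><reference>IA-5</reference></Rule>
  <Rule id="rule-password-complexity"><reference>IA-5</reference></Rule>
  <Rule id="rule-audit-logon-events">
    <reference>AU-2</reference>
    <reference>AC-7</reference>
  </Rule>
  <TestResult id="sample-scan">
    <rule-result idref="rule-account-lockout-threshold"><result>pass</result></rule-result>
    <rule-result idref="rule-min-password-length"><result>pass</result></rule-result>
    <rule-result idref="rule-password-complexity"><result>fail</result></rule-result>
    <rule-result idref="rule-audit-logon-events"><result>pass</result></rule-result>
  </TestResult>
</Benchmark>"""

SEVERITY = {"pass": 0, "needs-review": 1, "fail": 2}  # worst result wins


def control_evidence(xccdf_text):
    """Return {control: {"status": ..., "rules": {rule_id: result}}}."""
    root = ET.fromstring(xccdf_text)
    # Low-level check (Rule) -> high-level controls it is mapped to.
    controls_for = {
        rule.get("id"): [r.text.strip() for r in rule.findall("x:reference", NS) if r.text]
        for rule in root.iter("{%s}Rule" % NS["x"])
    }
    evidence = {}
    for rr in root.iterfind(".//x:TestResult/x:rule-result", NS):
        result = rr.findtext("x:result", default="unknown", namespaces=NS)
        if result in ("notapplicable", "notselected"):
            continue  # these say nothing about the control either way
        # Anything other than pass/fail (error, unknown, ...) needs a human look.
        status = result if result in ("pass", "fail") else "needs-review"
        for control in controls_for.get(rr.get("idref"), []):
            entry = evidence.setdefault(control, {"status": "pass", "rules": {}})
            entry["rules"][rr.get("idref")] = result
            if SEVERITY[status] > SEVERITY[entry["status"]]:
                entry["status"] = status
    return evidence


if __name__ == "__main__":
    for control, entry in sorted(control_evidence(SAMPLE).items()):
        print(control, entry["status"], entry["rules"])
```

A control is reported as passing only when every mapped rule that was evaluated passed, so one failing setting is enough to flag the control for the assessor.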
