CAP: Security Assessment and Authorization Certification

Requirements for Certification and Accreditation of Systems and Applications

Question

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution.

Choose all that apply.

Answers

The correct answers are C. FISMA and D. Office of Management and Budget (OMB).

Explanations

FISMA (Federal Information Security Management Act) is a United States federal law enacted in 2002 that defines a comprehensive framework to protect government information, operations, and assets against natural and man-made threats. FISMA requires that all general support systems and major applications within federal agencies be fully certified and accredited before they are put into production. In practice, this means each system must pass a rigorous security assessment and testing process, demonstrating that it meets the applicable security standards and requirements, before an authorizing official accepts the residual risk and approves it for operation.

The Office of Management and Budget (OMB) is an executive branch agency responsible for managing the federal budget and overseeing the implementation of government-wide policies, including those related to information technology. OMB Circular A-130, "Management of Federal Information Resources," requires that all federal agencies comply with FISMA and develop a formal process for certifying and accrediting their information systems.

NIST (National Institute of Standards and Technology) is a non-regulatory federal agency within the U.S. Department of Commerce that develops and promotes measurement, standards, and technology. While NIST provides guidelines and standards related to information security, it does not have the authority to require certification and accreditation of information systems.

FIPS (Federal Information Processing Standards) are a set of standards for information technology developed by NIST. FIPS standards specify requirements for a variety of areas, including encryption and authentication, but do not directly address certification and accreditation of information systems.

In summary, FISMA and OMB require all general support systems and major applications within federal agencies to be fully certified and accredited before they are put into production. NIST provides guidelines and standards related to information security, but does not have the authority to require certification and accreditation. FIPS are a set of information technology standards developed by NIST, but do not directly address certification and accreditation of information systems.