FISMA IT Security Risk Assessment Report Templates
Download Free FISMA (Federal Information Security Management Act) IT Security Assessment Report Templates / IT Systems reportable under the Federal Information Security Management Act
This Federal Information Security Management Act (FISMA) Security Assessment Report details the results from the security review of Agency X's FISMA-reportable information technology (IT) systems. This review included the testing of management, operational, and technical controls in order to evaluate the effectiveness of Agency X information security policies, procedures, and practices.
The VendorX Assessment Team, in collaboration with Agency X's Chief Information Security Officer (CISO), identified a subset of Agency X National Institute of Standards and Technology (NIST)-based IT Security Requirements (ITSRs) for inclusion in the fiscal year 2007 (FY07) assessment. This FISMA Security Assessment is part of the continuous monitoring phase of the certification and accreditation life cycle. This assessment does not constitute the full spectrum of continuous monitoring activities at Agency X, as these also include periodic third-party technical vulnerability testing and the ongoing monitoring provided through the Security Operations Center.
This year's security assessment is the first step of a CISO-directed three-year cycle, through which all Agency X FISMA-reportable IT systems will be assessed against the full set of Agency X ITSRs. This schedule requires that roughly 33% of the ITSRs be tested annually. However, due to time constraints, only 23% of the ITSRs were identified for inclusion this initial year, based on the methodology detailed in Section 2. It will be important, in reviewing this report, to remember that all findings reported and analyzed are against this subset of ITSRs, not against the entire set. Figure 1 is included to further emphasize this important distinction.