• List Price: CDN$ 95.89
  • You Save: CDN$ 4.75 (5%)
Temporarily out of stock.
Order now and we'll deliver when available. We'll e-mail you with an estimated delivery date as soon as we have more information. Your account will only be charged when we ship the item.
Ships from and sold by Amazon.ca. Gift-wrap available.
FISMA Certification and A... has been added to your Cart
+ CDN$ 6.49 shipping
Used: Good | Details
Condition: Used: Good
Comment: Moderate wear on cover and edges. Minimal highlighting and/or other markings can be present. May be ex-library copy and may not include CD, Accessories and/or Dust Cover. Good readable copy.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

FISMA Certification and Accreditation Handbook Paperback – Dec 28 2006

See all 2 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 91.14
CDN$ 68.99 CDN$ 27.45

There is a newer edition of this item:

FISMA Compliance Handbook: Second Edition
CDN$ 91.82
Temporarily out of stock.

Harry Potter and the Cursed Child
click to open popover

Special Offers and Product Promotions

  • You'll save an extra 5% on Books purchased from Amazon.ca, now through July 29th. No code necessary, discount applied at checkout. Here's how (restrictions apply)

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Paperback: 504 pages
  • Publisher: Syngress; 1 edition (Dec 12 2006)
  • Language: English
  • ISBN-10: 1597491160
  • ISBN-13: 978-1597491167
  • Product Dimensions: 18 x 3.5 x 22.7 cm
  • Shipping Weight: 658 g
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #2,818,408 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description

About the Author

Laura Taylor leads the technical development of FedRAMP, the U.S. government's initiative to apply the Federal Information Security Management Act to cloud computing. In 2006, Taylor's FISMA Certification and Accreditation Handbook was the first book published on FISMA. Taylor has contributed to four other books on information security and has authored hundreds of articles and white papers on infosec topics for a variety of web publications and magazines. Specializing in assisting federal agencies and private industry comply with computer security laws, Taylor is a thought leader on cyber security compliance. Taylor has led large technology migrations, developed enterprise wide information security programs, and has performed risk assessments and security audits for numerous financial institutions.

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: HASH(0x9e389b94) out of 5 stars 8 reviews
13 of 15 people found the following review helpful
HASH(0xa248c36c) out of 5 stars Horrible law, good book March 9 2007
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
I am no fan of the FISMA law. I've posted several stories on my blog explaining why I think FISMA is a waste of taxpayer money. Laura Taylor's FISMA Certification and Accreditation Handbook, however, is a good book if you are unfortunate enough to be tasked with performing FISMA work.

The core of this book is understanding the C&A process. C&A is essentially a giant preparatory paperwork exercise conducted before "game day." When the game is being played (i.e., when .gov systems are being compromised) FISMA demonstrates its irrelevance. Still, it would be nearly impossible to understand FISMA and C&A by looking at agency documentation and applicable laws. The Handbook lays out FISMA and C&A in an easy-to-understand manner, probably sharply reducing the slope of the learning curve for the FISMA and C&A newbie.

One of my favorite aspects of the Handbook is the use of templates. If you need to build a C&A program from (nearly) scratch, or if you want to apply best practices to an existing program, the Handbook's templates and suggested language will be invaluable. The Handbook also includes many tables of examples and checklists that could be dropped right into relevant documents.

I considered giving the Handbook five stars, even though I detest FISMA and C&A. Given the technical errors and oddities I found, I could only offer four stars. The Handbook claims to have been reviewed by a technical editor, but several comments made me question the level of attention paid to technical details. Ch 12 (Performing the Security Tests and Evaluation) features the comment "Many network scanners also scan for open ports" (p 200). I should hope so; otherwise, they might not know what to examine. One of the suggested port scanners is Strobe, which was popular in 1997 (no lie). I really liked this comment on p 207, which I assume is meant to reassure those tasked with C&A: "Don't get bogged down trying to figure out how a port listener differs from a port scanner." If a so-called "security consultant" doing C&A doesn't know the difference, they need to hang it up immediately. The "Suspicious Events That Are Worth Auditing" chart on p 348 really made me laugh. Item "SE 6" says "Invalid IP addresses that are not in the range of acceptable octets, for example:" Are they SERIOUS?

In brief, if you are stuck doing C&A for FISMA, take a look at the Handbook. If you are tasked with doing anything remotely technical regarding FISMA, you won't find help in this book.
9 of 10 people found the following review helpful
HASH(0x9e6d40e4) out of 5 stars Excellent Reference March 31 2008
By J. Fowler - Published on Amazon.com
Format: Paperback
I bought this book because I needed to know how to get through the C&A process from start to finish. I'd read some of the NIST publications, and although they are great publication, they really don't tell you where to start, and what to do next. The NIST pubs also don't have very many practical examples in them. Some of the things I like best about this book are the checklists, the templates, and the fact that it is written so that it is easily understandable. It is not written using geek-o-snob rhetoric that make many computer books difficult to understand.
6 of 7 people found the following review helpful
HASH(0x9f6162c4) out of 5 stars Excellent FISMA Book Feb. 8 2009
By E. Yakabovicz - Published on Amazon.com
Format: Paperback Verified Purchase
This has to be the hands-down, best FIMSA C&A book that I have seen on the market. It not only covers the NIST standards, but others such as DCID. It provides the reasons why, the how top's, and excellent checklists to determine if you are on track, or lost in the details of C&A. Many people are lost when it comes to C&A, but this book will provide the necessary bread crumbs to bring C&A home ! I recommend this book for experts as well as novices, only because it provides the very basic's that we sometimes forget.

If you are interested in INFOSEC/Information Assurance and attempting to understand the voodoo of C&A, this book is a good resource to start your journey !
7 of 9 people found the following review helpful
HASH(0x9e887bb8) out of 5 stars Good FISMA Reference March 21 2007
By Dan McKinnon - Published on Amazon.com
Format: Paperback
'Fisma Certification & Accreditation Handbook' isn't the type of book that you would pick up for weekend reading but it covers the material that it says it does. Dry and dull it may be, but if you work with this subject matter this is a good reference.

3 of 4 people found the following review helpful
HASH(0x9e3a3090) out of 5 stars FISMA Prep Nov. 22 2009
By walt frazier - Published on Amazon.com
Format: Paperback Verified Purchase
I thought it was a great introduction to this field that is full of acronyms