Claremont McKenna College

Oct 16, 2017
 
2017-2018 Policy Library

Federal Information Security Management Act


Claremont McKenna College adheres to the Federal Information Security Management Act (FISMA), which requires that federal agencies provide information security, including for those services provided by contractors or other sources. FISMA assigns responsibilities to the National Institute of Standards & Technology (NIST) to provide standards and guidance to aid agencies in meeting the requirements of the law.

When required by a federal agency, the College will work with the PI/research team to create a FISMA Management Plan that will include:

Component: Description

Scope of Work: Identification and description of the work (including that to be performed by any subcontractors), internal and external sources of data, systems for data processing and storage, all hardware and software to be used for the project, personnel involved, facilities, configuration controls, etc.

Implementation of Controls: In addition to the controls normally associated with computer use, FISMA requirements include such things as personnel background checks, surveillance cameras, disaster recovery plans, system backups, training, use of dedicated computers, encryption of data lines, workstation restrictions, security monitoring, physical access controls to work areas, etc.

Evaluation of Controls: Verification that the appropriate security controls/events are monitored, generated and recorded, verifying data restoration procedures, validating performance of surveillance cameras, access log review, etc.

Depending on the Management Plan, a project may involve:

  • Additional study costs, in some cases significant, especially when an offsite, commercial third-party FISMA-compliant data processing/storage facility is used or extraordinary data processing is needed.
  • Additional workload due to added security requirement conformance and monitoring.
  • Possible project start-up delays due to creation and approval of the Management Plan.