The IT Law Wiki

Program review


Definition

A program review, in the context of the work required under FISMA, is a review of the security status of an operational program; it is not a security program itself. Each program must be reviewed annually to ensure that:

  1. risk assessments occur;
  2. policies and procedures are risk-based and cost-effective and comply with existing laws and OMB policy;
  3. security awareness training is provided to all employees;
  4. management tests and evaluates the effectiveness of information security policies and procedures;
  5. a process for remedial action is in place; and
  6. procedures exist for detecting, reporting, and responding to security incidents.[1]

References

  1. OMB Memorandum M-04-25, at 25.
