Ensuring FISMA Compliance: Integrating Forensics and Incident Response as Mandated by NIST SP 800-86
Source: Guidance Software
The Federal Information Security Management Act (FISMA) of 2002 mandates that federal agencies establish incident response capabilities (44 U.S.C. § 3544(b)(7)). FISMA requires that federal agencies implement an incident response capability consistent with the guidelines and standards established by the National Institute of Standards and Technology (NIST) (44 U.S.C. § 3549, incorporating and amending 40 U.S.C. § 11331). Pursuant to this specific mandate under FISMA, NIST issued Special Publication 800-61, Computer Security Incident Handling Guide, which sets forth detailed technical, procedural and policy guidelines for federal agencies to implement a comprehensive incident response program.