Detailing a proven approach for establishing and implementing a comprehensive information security program, this book integrates compliance review, technical monitoring, and remediation efforts to explain how to achieve and maintain compliance with Federal Information Security Management Act (FISMA) requirements. Based on the author's experience developing, implementing, and maintaining enterprise FISMA-based information technology security programs at three major federal agencies, the book provides workable solutions for establishing and operating an effective security compliance program. It delineates the processes, practices, and principles involved in managing the complexities of FISMA compliance.