on 2018-05-1802:38 PM - edited on 2021-08-2305:08 PM by JordanBauman
As computer technology has advanced, federal agencies and other government entities have become dependent on computerized information systems to carry out their operations. To help ensure the proper operation of these systems, FISCAM provides auditors with specific guidance for evaluating the confidentiality, integrity, and availability of information systems.
FISCAM is also consistent with National Institute of Standards and Technology's (NIST) guidelines for complying with the Federal Information Security Modernization Act of 2014 (FISMA). This law requires federal agencies to develop, document, and implement agency-wide programs to ensure information security. NIST Special Publication 800-53 provides recommended security controls for federal information systems and organizations, and appendix 3 of FISCAM provides a crosswalk to those controls.
RSA Archer provides authoritative source content for several FISCAM booklets including:
FISCAM - Evaluating and Testing Business Process Application Controls
FISCAM - Evaluating and Testing General Controls
This content is available in English only.
Control standard mappings are not available for these authoritative sources.
The FISCAM authoritative source content is available with the use of the RSA Archer Policy Program Management, RSA Archer IT Policy Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the U.S. G.A.O. Federal Information System Controls Audit Manuals (FISCAM) Authoritative Source Content: