Semantic web representations for reasoning about applicability and satisfiability of federal regulations for information security

In this paper, the Nomos 2 framework for modeling law-compliant solutions in software system design is applied in the context of the Federal Information Security Modernization Act (FISMA) of 2014. Information security regulatory statements with a high variability space are examined to explore the utility and limits of the Nomos 2 framework for information security regulations. Additionally, Nomos 2 concepts are modeled in a semantic web representation for reasoning about the applicability and satisfiablity of FISMA regulations for information systems. The use of freely available semantic web toolsets for knowledge modeling and reasoning are demonstrated in an example scenario requiring the determination of FISMA related authorities and functions.