Federal Information Security Management Act (FISMA)

The U.S. Congress enacted the Federal Information Security Management Act (FISMA) of 2002 to “provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.”

FISMA established minimum information security standards for all civilian agencies, and for organizations using or administering federal data and funds.

• FISMA covers it all – from an information assurance point of view
• The guidance provided by NIST to comply with FISMA:
  • Is comprehensive
  • Has been reviewed and vetted by numerous government agencies and
  • Is reliably updated
• Frameworks and interpretations are already done