SearchSecurity.com Definitions (Powered by WhatIs.com)
Federal Information Security Management Act



DEFINITION - The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or manmade threats. FISMA was signed into law as part of the Electronic Government Act of 2002.

FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government. The act requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA:

  1. Categorize the information to be protected.
  2. Select minimum baseline controls.
  3. Refine controls using a risk assessment procedure.
  4. Document the controls in the system security plan.
  5. Implement security controls in appropriate information systems.
  6. Assess the effectiveness of the security controls once they have been implemented.
  7. Determine agency-level risk to the mission or business case.
  8. Authorize the information system for processing.
  9. Monitor the security controls on a continuous basis.

Learn more about FISMA:
- FISMA essentials for information security practitioners: This tip provides an overview of the Federal Information Security Management Act (FISMA) and what information security professionals need to do in order to comply.
- Ensure that legal responsibilities are clear -- Especially when trouble strikes: Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp.
- Do you speak geek: Respecting the letter of the law: Test your knowledge of security laws and regulations.
- Quiz: Compliance: Test your knowledge of legislation and standards.
- FISMA compliance made easier with OpenFISMA: Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements.
- Learn from NIST: Best practices in security program management: Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight problems within its enterprise security program.

LAST UPDATED: 21 Sep 2009


More resources from around the web:
- SearchSecurity.com provides links to information about FISMA for security professionals.
- NIST publishes news updates concerning the FISMA Implementation Project.
- Fisma.org provides essential documents as well as questions and answers.
All Rights Reserved, Copyright 2003 - 2009, TechTarget