Federal Information Security Management Act

The Federal Information Security Management Act (FISMA) defines a comprehensive framework to protect government information, operations, and assets against natural or humanmade threats. FISMA was signed into law part of the Electronic Government Act of 2002.

FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government. The act requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely, and efficient manner. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA:

1. Categorize the information to be protected
2. Select minimum baseline controls
3. Refine controls using a risk assessment procedure
4. Document the controls in the system security plan
5. Implement security controls in appropriate information systems
6. Assess the effectiveness of the security controls once they have been implemented
7. Determine agency-level risk to the mission or business case
8. Authorize the information system for processing
9. Monitor the security controls on a continuous basis

Read more about Federal Information Security Management Act: - SearchSecurity.com provides links to information about FISMA for security professionals. - NIST publishes news updates concerning the FISMA Implementation Project. - Fisma.org provides essential documents as well as questions and answers.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Learn from NIST: Best practices in security program management Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight problems within its enterprise... At RSA, feds seek help to close widening cybersecurity gaps Michael Chertoff, secretary of the Department of Homeland Security called on the private sector to do more to secure the internet from serious... House legislators rip Bush's Cyber Initiative plan Congressional leaders were critical of the administration's efforts in overhauling and expanding the government's intrusion detection system, known as...