Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law part of the Electronic Government Act of 2002.

Content Continues Below

FISMA assigns responsibilities to various agencies to ensure the security of data in the federal government. The act requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. The National Institute of Standards and Technology ( NIST ) outlines nine steps toward compliance with FISMA:

  1. Categorize the information to be protected.
  2. Select minimum baseline controls.
  3. Refine controls using a risk assessment procedure.
  4. Document the controls in the system security plan.
  5. Implement security controls in appropriate information systems.
  6. Assess the effectiveness of the security controls once they have been implemented.
  7. Determine agency-level risk to the mission or business case.
  8. Authorize the information system for processing.
  9. Monitor the security controls on a continuous basis.


This was last updated in May 2013

Continue Reading About Federal Information Security Management Act (FISMA)

Dig Deeper on Government information security management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I don't believe the link to the site is what was intended.
FISMA is the Federal Information Security Modernization Act, not Management Act.
It is actually both. The original FISMA (Federal Information Security Management Act) was updated in 2014 and is now called the Federal Information Security Modernization Act
FISMA requires federal agencies to secure government information, operations, national security interests and assets against natural and man-made threats.You can work with IT governance consulting firms like Wilson Consulting Group to assist you with FISMA compliance.


File Extensions and File Formats

Powered by: