We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Technology

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is the Federal Information Security Management Act?

By Thomas Grey
Updated: May 17, 2024
Views: 8,648
Share

The Federal Information Security Management Act is a United States federal law that was passed in 2002. The act itself recognizes the importance of information security to the national and economic security interests of the United States. FISMA requires all federal agencies to develop, implement and document programs to provide security for their information and information systems.

The need for online security is stressed in the Federal Information Security Management Act. It tasks the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST) with responsibilities designed to strengthen information security. Information security means guarding information and information systems against unauthorized access, disruption, disclosure, modification, use or destruction.

The Federal Information Security Management Act states that the NIST is responsible for the development of adequate information security for all government agencies but national security systems. The NIST created standards and guidelines for information security that must be followed by all government agencies, and it works with each to ensure the proper understanding and implementation of FISMA. The NIST must also measure the effectiveness of FISMA's implementation.

Agencies must inventory all information systems that are operated by or are under the control of the agency. The inventory must identify the interfaces between each such system and all other systems, including those not under the control of that agency. The agency must then categorize the information and information systems according to risk level as defined by the Federal Information Security Management Act standards and the guidelines set out by the NIST.

FISMA requires minimum security requirements to be met by all government agencies. It allows for a degree of flexibility in the application of the minimum security standards in order to meet the specific mission and operational environments of all agencies. Each agency must document its minimum security requirements.

All agencies must submit to risk assessment to verify their security controls and determine whether additional controls are required for the minimum amount of security already established by FISMA and the NIST. All of this information is then compiled into a document that records milestones and plans of action. This document is periodically reviewed and can be modified as necessary. It is the main input and contribution in the certification and accreditation portion of FISMA.

Following all other steps in FISMA's information security initiative, the security system's controls and security plan come under review. After the review, a senior agency official authorizes operation of the information system and accepts the risks and controls therein. The information system is accredited. Each accredited system is required to monitor a set of security controls. Should the security system change in a large way, an updated risk assessment is required, as is possible change to the controls.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.

Editors' Picks

Discussion Comments
Share
https://www.wisegeek.net/what-is-the-federal-information-security-management-act.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.