# FISMA

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
|---|---|
| FISMA | Federal Information Security Management Act |
| NIST | National Institute of Standards and Technology |
| OMB | Office of Management and Budget |

# Overview

The Federal Information Security Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources.

In support of and reinforcing FISMA, the Office of Management and Budget (OMB) requires executive agencies within the federal government to:

  • Plan for security
  • Ensure that appropriate officials are assigned security responsibility
  • Periodically review the security controls in their systems
  • Authorize system processing prior to operations and, periodically, thereafter

Federal agencies need to provide information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of:

  • Information collected or maintained by or on behalf of an agency
  • Information systems used or operated by an agency, or by a contractor of an agency or another organization on behalf of an agency

Also, federal agencies must comply with the information security standards and guidelines developed by the National Institute of Standards and Technology (NIST), including the standards NIST designates as mandatory.

# Noteworthy

  • FISMA requires federal agencies to implement programs to provide information security.
  • FISMA requires federal agencies to comply with NIST guidance and standards.

# Sources