What is FISMA?

FISMA is an acronym for the Federal Information Security Management Act, technically Title III of the E-Government Act of 2002 (it was later amended by the Federal Information Security Modernization Act of 2014, which kept the same acronym). It sets policy for information security across the entire Executive Branch of government: the numerous "civilian" departments and agencies (State, Commerce, Homeland Security, Transportation, Health & Human Services, etc.), as well as the Department of Defense and the Intelligence Community. The Office of Management and Budget (OMB) oversees agency compliance, and NIST develops the standards and guidelines (the FIPS and SP 800 series) that agencies use to meet the law's requirements; national security systems are handled under separate authorities.

Specifically, FISMA requires federal departments and agencies to:

  • Maintain an inventory of information systems
  • Perform periodic system risk assessments
  • Implement policies and procedures to reduce risk to an acceptable level
  • Periodically test and evaluate information security controls
  • Provide appropriate information security training to employees and contractors
  • Implement plans and procedures for security incident response and continuity of operations
  • Report annually to OMB and Congress on the adequacy and effectiveness of their information security program