What is FISMA Compliance?
The Federal Information Security Management Act (FISMA) is a US law requiring federal agencies to develop, implement, and maintain an agency-wide information security program that protects the information and information systems supporting their operations, including systems operated by contractors on their behalf. It was passed by the US Congress in 2002 and was later amended by the Federal Information Security Modernization Act of 2014.
The foundation of FISMA compliance is the security guidance published by the National Institute of Standards and Technology (NIST), principally the Federal Information Processing Standards (FIPS) and the NIST Special Publication 800 series. NIST is the authoritative body for creating, maintaining, and updating security standards for federal agencies.
As FISMA's underlying foundation, NIST:
- Sets the minimum security requirements that federal information systems must meet (FIPS 200) and the catalog of security and privacy controls used to satisfy them (NIST SP 800-53).
- Provides recommendations for the types of security systems and controls that federal agencies, and the third-party vendors and contractors that handle federal information on their behalf, can implement.
- Standardizes risk assessment and auditing practices: systems are categorized as low, moderate, or high impact (FIPS 199), and the controls selected, assessed, and authorized scale with that impact level under the NIST Risk Management Framework (NIST SP 800-37).