What is FISMA?

FISMA is an acronym for the Federal Information Security Management Act, technically Title III of the E-Government Act of 2002. It sets policy for information security across the entire Executive Branch of government. This includes the numerous “civilian” departments and agencies (State, Commerce, Homeland Security, Transportation, Health & Human Services, etc.), as well as the Department of Defense and the Intelligence Community.

Specifically, FISMA requires federal departments and agencies to:

• Maintain an inventory of information systems
• Perform periodic system risk assessments
• Implement policies and procedures to reduce risk to an acceptable level
• Periodically test and evaluate information security controls
• Provide appropriate information security training to employees and contractors
• Implement plans and procedures for security incident response and continuity of operations
• Report annually on information security status