(FISMA) Federal Information Assurance Management Act Background
The National Institute of Standards and Technology (NIST) was tasked to formulate and publish standards for all federal agencies to follow when developing information security policy and procedures. NIST produced FISMA to standardize a process for IT security policy development focused on government operations. FISMA requires each U.S. government agency to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Each phase in the FISMA security certification and accreditation process consists of a set of well-defined tasks and subtasks that are to be carried out, as indicated, by responsible individuals (e.g., the Chief Information Officer, authorizing official, authorizing official's designated representative, senior agency information security officer, information system owner, information owner, information system security officer, certification agent, and user representatives).
FISMA encompasses multiple such standards and guidance, all geared toward supporting FISMA reporting requirements.
The Federal Information Security Management Act was first enacted in 2002 as part of the Electronic Government Act, also known as the E-Government Act. Among other reasons, the E-Government Act was created to allow enhanced access to government information and services. However, this increase in access requires an increase in security, hence FISMA.
FISMA is mandatory for almost all tier-1 companies that could enhance your network's security and increase your compliance.