Federal Information Security Management Act (FISMA) Background
The National Institute of Standards and Technology (NIST) was tasked to formulate and publish standards for all federal agencies to follow when developing information security policy and procedures. NIST produced FISMA to standardize a process for IT security policy development focused on government operations. FISMA requires each U.S. government agency to develop, document and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Each phase in the FISMA security certification and accreditation process consists of a set of well-defined tasks and subtasks that are to be carried out, as indicated, by responsible individuals (e.g., the Chief Information Officer, authorizing official, authorizing official's designated representative, senior agency information security officer, information system owner, information owner, information system security officer, certification agent, and user representatives).
FISMA encompasses multiple such standards and guidance documents, all geared toward supporting FISMA reporting requirements.
The key aspects of this program are as follows:
- Standards for categorizing information and information systems by mission impact
- Standards for minimum security requirements for information and information systems
- Guidance for selecting appropriate security controls for information systems
- Guidance for assessing security controls in information systems and determining security control effectiveness
- Guidance for certifying and accrediting information systems
Highlights of Our FISMA Compliance Service
- Identifies gaps in your agency's security program and FISMA reporting
- Provides detailed recommendations for remediating or maintaining compliance
- Dedicated resources allow your agency team members to focus on business issues rather than security matters
- Designed to improve compliance and security by implementing appropriate solutions
The Federal Information Security Management Act was first enacted in 2002 as part of the Electronic Government Act, also known as the E-Government Act. Among other reasons, the E-Government Act was created to allow enhanced access to government information and services. However, this increase in access requires an increase in security, hence FISMA.
FISMA is mandatory for almost all tier-1 companies, and it could enhance your network's security and increase your compliance.