Introduction To FISMA Q3

  • The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
  • FISMA was signed into law and forms part of the Electronic Government Act of 2002.
  • FISMA goal is to Protect the confidentiality, Integrity and Availability (CIA) of information and information system.
  • Office of Management Budget (OMB) is an executive branch of the government responsible for the implementation of the FISMA Law. All government agencies report their FISMA compliance status to OMB
  • Comply or have your budget not approved

National Institute Of Standards And Technology

National Institute of Standards and Technology

(NIST) has various publication to help government and non-government agencies to comply with FISMA:

  • Federal Information Processing Standard (FIPS)
  • NIST Special Publication (SP)
    • 500 series – Information Technology
    • 800 series – Computer Security


  • The Federal Information Security Modernization Act (FISMA) is a law
  • OMB is executive branch of the government responsible for FISMA compliance
  • Directive on FISMA is found in OMB Circular A 130 Appendix III
  • NIST has developed the RMF to help comply with FISMA
  • Risk Management Framework (RMF)
After 2011
Security Assessment & Authorization (SA&A)Categorization Control SelectionControl Implementation Control Assessment Authorization Continuous Monitoring
Before 2011
Certification and Accreditation (C&A)Initial Certification AccreditationContinuous Monitoring
error: Content is protected !!