The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
FISMA was signed into law and forms part of the Electronic Government Act of 2002.
FISMA's goal is to protect the Confidentiality, Integrity and Availability (CIA) of information and information systems.
The Office of Management and Budget (OMB) is the executive branch office responsible for implementing the FISMA law. All government agencies report their FISMA compliance status to OMB.
Agencies must comply or risk having their budget not approved.
National Institute Of Standards And Technology
NIST has various publications to help government and non-government agencies comply with FISMA:
Federal Information Processing Standard (FIPS)
NIST Special Publication (SP)
500 series – Information Technology
800 series – Computer Security
The Federal Information Security Modernization Act (FISMA) is a law.
OMB is the executive branch office responsible for FISMA compliance.
The directive on FISMA is found in OMB Circular A-130, Appendix III.
NIST has developed the RMF to help comply with FISMA
Risk Management Framework (RMF)
After 2011 – Security Assessment & Authorization (SA&A):
Categorization
Control Selection
Control Implementation
Control Assessment
Authorization
Continuous Monitoring
Before 2011 – Certification and Accreditation (C&A):
Initial Certification
Accreditation
Continuous Monitoring