What Does Federal Information Security Management Act (FISMA) Mean?
The Federal Information Security Management Act (FISMA) is a United States Federal law for information security (IS) enacted in 2002. FISMA features include policy development, risk management and IS awareness training for federal agencies.
FISMA is also known as the E-Government Act.
Techopedia Explains Federal Information Security Management Act (FISMA)
FISMA dictates the establishment of IS protections during all federal agencies operations.
FISMA requires federal agencies to develop IS programs. It also promotes commercial information security tools. After risk outcome assessments are completed (addressing such events as unauthorized network access), policies and security standards must be developed. In addition, threat protections must be established throughout the development of any government information system. All established IS protective measures must be tested regularly to ensure optimal operations.
FISMA also allows a chief information officer (CIO) to delegate another officer for development of an agency IS program, which must be well-documented and include FISMA-dictated IS awareness training for employees and contractors.
FISMA also requires all agencies to establish and implement business continuity plans to address any actual threats during business operations. Independent information security program evaluations occur on an annual basis.