FISMA - Federal Information Security Management Act
The Federal Information Security Management Act was passed in 2002. FISMA is a framework to manage risk and ensure the confidentiality, availability and integrity of federal information and information systems. The Act assigns specific development, management, oversight and reporting responsibilities to two federal agencies, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).
Federal Information Security Management Act (FISMA)
FISMA is a framework aimed at protecting Government information, operations and assets. FISMA requires agency officials to implement policies, procedures and practices to strengthen information security and reduce security risks. FISMA compliance requires the following:
• Develop an agency-wide security program
• Implement and adhere to security configuration standards developed by NIST
• Identify and resolve risks
• Perform ongoing assessment and testing
• Conduct annual reviews on the effectiveness of the agency’s information security and privacy programs and report the results to OMB annually
To provide a formal framework to manage and measure agency security and risk, FISMA tasked NIST with the development of the standards and guidelines for selecting, categorizing and assessing information systems.
The resulting process includes:
• Develop Security Program
• Identify and Inventory Assets
• Select Security Controls
• Categorize Risk
• Implement Security Controls
• Assess and Monitor Security Controls
• Respond to Incidents
In a nutshell, FISMA requires compliance for all data and information systems that support the agency’s operations and assets. This includes operations and/or assets provided or managed by other agencies or contractors. As part of the FISMA process, agencies must be able to produce a complete and accurate inventory of all systems including their security status and requirements.
For more on FISMA visit: http://csrc.nist.gov/groups/SMA/fisma/index.html