Federal Information Security Management Act of 2002 (FISMA)
Requires that each federal agency develop, document, and implement agency-wide information security programs.
The Six Objectives of FISMA are:
1) Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.
2) Recognize the highly networked nature of the current Federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities.
3) Provide for development and maintenance of minimum controls required to protect Federal information and information systems.
4) Provide a mechanism for improved oversight of Federal agency information security programs.
5) Acknowledge that commercially developed information security products offer effective solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation.
6) Recognize that the selection of specific technical hardware and software information security solutions should be left to the individual agencies.
Each agency must annually submit a report using the provided OMB templates and must undergo an independent evaluation by the Inspectors General. This information is then used in the OMB’s Annual Report to Congress.
The OMB recommends that agencies follow the methodology provided in NIST Special Publication 800-26, the “Security Self-Assessment Guide for Information Technology Systems,” when conducting their annual self-reviews.
Using Pivot Group to Assist in FISMA Compliance
For more information about FISMA, please refer to our Resource Guide.