Security Management Act (FISMA)
If you are a government agency, a contractor, or an organization that exchanges data with government systems, you need to be FISMA compliant.
FISMA is an acronym for the Federal Information Security Management Act, technically Title III of the E-Government Act of 2002. It sets policy for information security across the entire Executive Branch of government. This includes numerous “civilian” departments and agencies (State, Commerce, Homeland Security, Transportation, Health & Human Services, etc.), as well as the Department of Defense and the Intelligence Community.
The goal of FISMA is to ensure that Federal departments and agencies apply risk-based, cost-effective security measures that adequately mitigate the risk of unauthorized access, use, disclosure, disruption, modification, or destruction of information.
Federal government systems are entrusted with transmitting some of the nation’s most sensitive and critical information. The impact of a data breach or service disruption to a government system would not only threaten