Provides for the development and maintenance of minimum controls which are required to protect Federal information and information systems
Provides a system for improving the supervision of federal agencies' information security programs
Requires that each federal agency perform an annual independent evaluation of the information security program and practices of the agency to determine the effectiveness of said program and practices and report the results of the evaluation to Congress
Ensures the operation of a central federal information security incident center, which provides timely technical assistance to operators of agency information systems regarding security incidents, compiles and analyzes information about incidents that threaten information security, and informs operators of agency information systems about current and potential information security threats and vulnerabilities
The Federal Information Security Management Act of 2002 (FISMA) was enacted to offer a framework that ensures the effectiveness of information security controls over the information resources that support Federal operations and assets. Because of the highly networked nature of the federal computing environment, FISMA requires the coordination of information security efforts by civilian, national security, and law enforcement populations in order to provide effective management and oversight of information security risks.