The Federal Information Security Management Act (FISMA) is a U.S. federal law that establishes the framework for protecting government information, assets and operations against threats. Under FISMA, agencies are assigned responsibility for protecting this data. It requires the head of each agency to review the agency's information security program annually, so that risk is assessed and kept at an acceptable level in a way that controls cost and preserves efficiency. The National Institute of Standards and Technology (NIST) outlines nine steps toward FISMA compliance: categorizing the information and systems to be protected, selecting baseline security controls, refining those controls through risk assessment, documenting the controls in a system security plan, implementing the controls in the information systems, assessing the controls, determining agency-level risk and whether it is acceptable, authorizing the system to operate, and continuously monitoring the controls.
Would you like to learn more about FISMA? Read our solution brief, "What You Need to Know About FISMA Compliance and Your GRC Tool", or watch a short video on how Rsam automates FISMA compliance activities.