Federal Information Security Management Act of 2002 (FISMA)

It sets policy for information security across the entire Executive Branch of government. This includes numerous “civilian” departments and agencies (State, Commerce, Homeland Security, Transportation, Health & Human Services, etc.), as well as the Department of Defense and the Intelligence Community.

Specifically, FISMA requires federal departments and agencies to:

  • Maintain an inventory of information systems;
  • Perform periodic system risk assessments;
  • Implement policies and procedures to reduce risk to an acceptable level;
  • Periodically test and evaluate information security controls;
  • Provide appropriate information security training to employees and contractors;
  • Implement plans and procedures for security incident response and continuity of operations;
  • Report annually on information security status.

Smarsh, Inc. assumes no liability for the accuracy or completeness of this information. Please consult with an attorney for specific information on specific rules and regulations and how they apply to your business.

Helpful Links:
Text of the Act

Related Industries: 
Government

Use the filters below to find regulations and laws relevant to you and your company.

© 2013 Smarsh, Inc. All rights reserved. The Smarsh logo and name are registered trademarks of Smarsh, Inc. The Bloomberg name and logo are trademarks
of Bloomberg Finance L.P. or its subsidiaries. All other logos, company names and product names are property of their respective companies.