Federal Information Security Management Act of 2002 (FISMA)

FISMA sets policy for information security across the entire Executive Branch of the federal government. This includes the numerous "civilian" departments and agencies (State, Commerce, Homeland Security, Transportation, Health & Human Services, etc.), as well as the Department of Defense and the Intelligence Community.

Specifically, FISMA requires federal departments and agencies to:

  • Maintain an inventory of information systems;
  • Perform periodic system risk assessments;
  • Implement policies and procedures to reduce risk to an acceptable level;
  • Periodically test and evaluate information security controls;
  • Provide appropriate information security training to employees and contractors;
  • Implement plans and procedures for security incident response and continuity of operations;
  • Report annually on the status of their information security programs.

Smarsh, Inc. assumes no liability for the accuracy or completeness of this information. Please consult with an attorney for specific information on specific rules and regulations and how they apply to your business.

Helpful Links:
Text of the Federal Information Security Management Act of 2002
