Federal Information Security Management Act: 2004 Report to Congress  

Resources for Federal Information Security Management Act (FISMA)


Whitehouse

The Federal Information Security Management Act (FISMA) was passed by Congress and signed into law by the President as part of the Electronic Government Act of 2002. Its goals include development of a comprehensive framework to protect the government’s information, operations, and assets. Providing adequate security for the Federal government’s investment in information technology is a significant undertaking. In FY 2004, Federal agencies spent $4.2 billion, about seven percent of the total information technology portfolio, securing the government’s total information technology investment of approximately $59 billion.
The Act assigns specific responsibilities to Federal agencies, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) in order to strengthen information system security. In particular, FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce information technology security risks to an acceptable level.
To ensure the adequacy and effectiveness of information security controls, FISMA requires agency program officials, Chief Information Officers, and Inspectors General (IGs) to conduct annual reviews of the agency’s information security program and report the results to OMB. OMB uses this data to assist in its oversight responsibilities and to prepare this annual report to Congress on agency compliance with the Act. The report is based primarily on agency and IG reports submitted to OMB in October 2004.
This report to Congress provides:
• A summary of government-wide performance in the area of information technology security management,
• An analysis of government-wide weaknesses in information technology security practices, and
• A plan of action to improve information technology security performance.




Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.