FISMA: Making the Grade: An Introduction to the Federal Information Security Management Act

Verisign

The Federal Information Security Management Act of 2002 (FISMA) makes permanent many of the new information security management responsibilities introduced by the Government Information Security Reform Act (GISRA), which became law in 2000. FISMA goes further, however, requiring objective assessments of the effectiveness of security controls at least once each year on every information system operated by, or for, the federal government. FISMA requires both an internal evaluation under the direction of the CIO and an independent assessment under the direction of the agency Inspector General. Since 2000, Congress has sought to step up pressure on the heads of agencies to comply with FISMA by collecting assessments and publishing a letter grade for each agency. Because FISMA specifically addresses senior management responsibility, not technical specifications, technical solutions alone will not be sufficient for agencies to earn good marks on FISMA compliance. Rather, agencies must demonstrate how information security technology fits into the framework of an overall security strategy and budget that is in turn integrated with each agency's mission and goals. FISMA compliance therefore requires not only new initiatives, but a new perspective from the head of the agency down to the security administrator.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.