Summary
FISMA compliance requires organizations to categorize their information and systems according to risk, create a security plan, implement security controls, and conduct risk assessments. [1]
Moderate impact indicates that the loss of confidentiality, integrity, or availability is expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. [2]
FISMA also requires the development of mandatory information security risk management standards [1], and the production of several key security standards and guidelines. [3]
Companies operating in the private sector can benefit from maintaining FISMA compliance, as they can ensure that they are covering many of the security best practices outlined in FISMA’s requirements. [4]
According to
Summary
The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency. The act has been amended by the Federal Information Security Modernization Act of 2014 (FISMA Reform) to include the requirement for the development of mandatory information security risk management standards.
Federal Information Security Management Act of 2002 - Wikipedia
wikipedia.org
Summary
The FISMA Implementation Project was established in 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. The Computer Security Division continues to produce other security standards and guidelines in support of FISMA, which can be found on the Computer Security Resource Center's website.
Federal Information Security Management Act (FISMA) Implementation Project | NIST
nist.gov
Summary
The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that requires federal agencies to develop, document, and implement an information security and protection program. It requires organizations to keep an inventory of all the information systems utilized within the organization, categorize their information and systems in order of risk, create a security plan, implement security controls, conduct risk assessments, and achieve FISMA Certification and Accreditation. Companies operating in the private sector, particularly those who do business with federal agencies, can benefit from maintaining FISMA compliance, as they can ensure that they are covering many of the security best practices outlined in FISMA’s requirements.
What is FISMA Compliance? 2019 FISMA Definition, Requirements, Penalties, and More
digitalguardian.com
coalfire.com