banner

What is FISMA Compliance?

Key & Secrets Management

Encryption

Hardware Security Modules

Signing, Certificates and Stamping

Public Key Infrastructure (PKI)

Data Protection & Security Regulations

PCI DSS Compliance

Data Security in the Cloud

Internet of Things (IoT)

Thales Special Reports

EMEA Compliance

APAC Compliance

Americas Compliance

Global Compliance

Zero Trust

What is FISMA Compliance?

FISMA assigns responsibility to various agencies to ensure the security of data in the federal government. It requires annual reviews of information security programs to keep risks below specified levels.

FISMA Requirements

According to TechTarget’s SearchSecurity website:

FISMA compliance requires program officials, and the head of each agency, to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA:

  1. Categorize the information to be protected.
  2. Select minimum baseline controls.
  3. Refine controls using a risk assessment procedure.
  4. Document the controls in the system security plan.
  5. Implement security controls in appropriate information systems.
  6. Assess the effectiveness of the security controls once they have been implemented.
  7. Determine agency-level risk to the mission or business case.
  8. Authorize the information system for processing.
  9. Monitor the security controls on a continuous basis.

Related Articles

Partners Resources Blogs Sentinel Drivers