FAQ About Understanding the Basics of Cybersecurity
What is the Federal Information Security Management Act (FISMA)?
The Federal Information Security Management Act (FISMA) is a United States federal law, enacted in 2002 and updated by the Federal Information Security Modernization Act of 2014, that establishes a framework for information security and assigns responsibility for securing federal information systems. Under FISMA, NIST publishes the mandatory standards and guidelines (such as FIPS 199, FIPS 200, and SP 800-53) that agencies follow, and OMB oversees agency compliance.
FISMA requires each federal agency to develop, document, and implement an agency-wide program that provides information security for the information and systems supporting the agency's operations and assets, including systems provided or managed by another agency, a contractor, or any other source on the agency's behalf.
The law requires agencies to identify and assess risk, implement policies and procedures that reduce that risk to an acceptable level, and periodically test and evaluate the effectiveness of their security controls. FISMA also requires agencies to report annually on their information security programs to OMB and Congress, and to report security incidents to the designated federal incident response center.
FISMA is designed to protect federal information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Compliance is mandatory for every federal agency, and the same requirements extend to contractors and other organizations that operate systems on an agency's behalf.