FISMA Compliance Solutions

What is FISMA Compliance?

The Federal Information Security Management Act (FISMA) is a set of security guidelines put in place by the U.S. federal government and NIST, the National Institute of Standards and Technology.

FISMA was made law in 2002 and strives to reduce security vulnerabilities for federal data. All federal government agencies, as well as some state agencies and any non-government agencies that contract with the government, must follow regulations or be fined.

FISMA Requirements & Fines

FISMA’s guidelines cover several areas, including:

Information system inventory
Risk categorization
System security planning
Security controls
Risk assessments
Certification and accreditation
Continuous monitoring

For organizations who must comply with FISMA, NIST SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” is one of the most popular and robust publications. This publication establishes and maintains best practices around information security.

Non-compliance is penalized in different ways. Penalties can include congressional reprimands, reduced or eliminated federal funding, low marks on the public FISMA Report Card, poor publicity, bans from future contracts, and negative media coverage.

FISMA Compliance

What is FISMA Compliance?

FISMA Requirements & Fines

Explore FISMA & Compliance Resources

NIST 800-171 Cybersecurity Regulation: How It Affects IT Professionals Everywhere

Best Practices for Audit and Compliance Reporting for Power Systems Running IBM i

How to Get Started with NIST 800-171 Compliance

HelpSystems FISMA Solutions