FISMA Compliance

Meet FISMA compliance requirements with solutions from HelpSystems

What is FISMA Compliance?

The Federal Information Security Management Act (FISMA) is a set of security guidelines put in place by the U.S. federal government and NIST, the National Institute of Standards and Technology.

FISMA was made law in 2002 and strives to reduce security vulnerabilities for federal data. All federal government agencies, as well as some state agencies and any non-government agencies that contract with the government, must follow regulations or be fined.

FISMA Requirements & Fines

FISMA’s guidelines cover several areas, including:

  • Information system inventory
  • Risk categorization
  • System security planning
  • Security controls
  • Risk assessments
  • Certification and accreditation
  • Continuous monitoring

For organizations that must comply with FISMA, NIST SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” is one of the most widely used and comprehensive publications. It establishes and maintains best practices for information security.

Non-compliance is penalized in different ways. Penalties can include congressional reprimands, reduced or eliminated federal funding, low marks on the public FISMA Report Card, poor publicity, bans from future contracts, and negative media coverage.


Let's Talk About How We Can Help