The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that requires companies to establish plans to protect sensitive information and data. FISMA is part of the larger E-Government Act of 2002, which was designed to monitor and improve the security of sensitive information managed by electronic government services and organizations.
The act requires each federal agency to develop, document, and implement an agency-wide program that provides information security for the information systems and data supporting the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
- Coordinating with the client’s executive leadership to help define the information security program and framework
- Managing the development, implementation, and maintenance of the program
- Governance including security policies, procedures, and metrics
- Risk and threat assessments
- Security compliance management
- Coordinating with testing and assessment teams to analyze, prioritize, and coordinate remediation or exceptions management
- Helping establish information security engineering and operational capabilities
- Implementing agency-specific security policy guidance and enforcement
- Assessment and authorization
- Security policy development
- System design assessments for potential risks, with cost-effective recommendations for risk reduction
- Continuous monitoring