
FISMA Cybersecurity Compliance

Federal Information Security Modernization Act

The Federal Information Security Modernization Act (FISMA), first passed in 2002 as the Federal Information Security Management Act and amended in 2014, applies to unclassified federal information and information systems used by federal agencies or by contractors working with federal agencies.


FISMA requires protections against the unauthorized access, use, disclosure, modification, or destruction of information that an agency collects or maintains or that is collected or maintained on behalf of any agency. FISMA also requires the National Institute of Standards and Technology (NIST) to establish minimum security requirements.

Agencies and contractors have to submit a FISMA security authorization package to show they are compliant; it includes a Federal Information Processing Standards (FIPS) 199 security categorization worksheet, a privacy threshold assessment/privacy impact assessment, a system security plan, a security assessment plan, a security assessment report, and supporting documents (e.g., information security policies, rules of behavior, an IT contingency plan, a configuration management plan, and an incident response plan).

CISO Global's FISMA compliance experts can assist organizations with the security authorization and assessment process and with the annual continuous monitoring required to maintain FISMA compliance.

Security controls and assessments are based on NIST Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, and the security authorization must be consistent with NIST SP 800-37, Risk Management Framework (RMF) for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.

FISMA made FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, and FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, mandatory for federal organizations and for contractors working with agencies. The RMF in NIST SP 800-37 ties these together: its Categorize step applies FIPS 199 to rate the system's impact level (low, moderate, or high), and its Select step applies FIPS 200 to choose the corresponding SP 800-53 control baseline, which is then tailored to the system.

FISMA also relies on several other NIST SPs, most notably: SP 800-30, Guide for Conducting Risk Assessments; SP 800-34, Contingency Planning Guide for Federal Information Systems; SP 800-39, Managing Information Security Risk; SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories; SP 800-128, Guide for Security-Focused Configuration Management of Information Systems; and SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations.

Speak With a CISO Global Security Specialist Today

Our experts maintain the most respected credentials in the industry across cybersecurity, risk and compliance, forensics, incident response, ethical hacking, security engineering, and more.
