WHAT IS FISMA?
The Federal Information Security Management Act (FISMA) is a federal law that was put into place in 2012. FISMA is a set of mandatory regulations intended to mitigate IT risk while providing a strong balance between data security and data access.
WHAT IS FISMA COMPLIANCE?
At its most basic level, FISMA compliance requires two things: security and reporting. It requires that:
• IT systems are kept secure
• All system activity is tracked and shared in reports that prove compliance
WHO MUST BE FISMA COMPLIANT?
• All federal agencies
• Any organization working with a federal agency
FISMA COMPLIANCE REQUIREMENTS:
• Categorize your information and information systems
• Select the appropriate minimum (baseline) security controls
• Refine the security controls using a risk assessment
• Document the security controls in the system security plan
• Implement the security controls in the information system
• Assess the effectiveness of the security controls
• Determine the agency-level risk to the mission or business case
• Authorize the information system for processing
• Monitor the security controls on a continuous basis
All agencies that must be FISMA compliant receive an annual grade. All grades are made public. A high score indicates that your agency’s systems are secure. A low score means your organization is at a greater risk of releasing private information that should not be shared.
If you do not comply with FISMA or you earn a low FISMA compliance grade, it is public knowledge. A poor or failing grade may correspond to vulnerability to a cyber attack. It can harm your reputation and threaten the job stability of those responsible for maintaining FISMA certification. Other penalties include:
• Harmed or ruined reputation
• Job loss
• Explanations may be owed to Congress
• Office of Management and Budget may cancel or delay funding for agency programs