WHAT IS FISMA?

The Federal Information Security Management Act (FISMA) is a federal law that was put into place in 2012. FISMA is a set of mandatory regulations intended to mitigate IT risk while maintaining a sound balance between data security and data access.

WHAT IS FISMA COMPLIANCE?
At its most basic level, FISMA compliance requires two things: security and reporting. It requires that:

• IT systems are kept secure
• All system activity is tracked and shared in reports that prove compliance

WHO MUST BE FISMA COMPLIANT?
• All federal agencies
• Any organization working with a federal agency

FISMA COMPLIANCE REQUIREMENTS:
• Categorize your information and information systems
• Select the appropriate minimum baseline security controls
• Refine the security controls using a risk assessment
• Document the security controls in the system security plan
• Implement the security controls in the information system
• Assess the effectiveness of the security controls
• Determine the agency-level risk to the mission or business case
• Authorize the information system for processing
• Monitor the security controls on a continuous basis

FISMA SCORING
All agencies that must be FISMA compliant receive an annual grade. All grades are made public. A high score indicates that your agency’s systems are secure. A low score means your organization is at a greater risk of releasing private information that should not be shared.

NON-COMPLIANCE PENALTIES:
If you do not comply with FISMA or you earn a low FISMA compliance grade, it is public knowledge. A poor or failing grade may correspond to vulnerability to a cyber attack. It can harm your reputation and threaten the job stability of those responsible for maintaining FISMA certification. Other penalties include:

• Harmed or ruined reputation
• Job loss
• Explanations may be owed to Congress
• Office of Management and Budget may cancel or delay funding for agency programs

Kristen S