What is FISMA


The Federal Information Security Management Act (FISMA) is a United States federal law enacted in 2002 to protect government information, operations, and assets against natural and manmade threats. FISMA defines a framework of guidelines and security standards that federal agencies must follow to protect sensitive data and the information systems that support the agency's operations and assets, including those provided or managed by another agency, third-party vendor, or service provider. Specifically, FISMA requires federal agencies, and others it applies to, to develop, document, and implement agency-wide information security programs that can protect sensitive data. The act also assigns some responsibilities to the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).

FISMA compliance means meeting the requirements of the Federal Information Security Management Act (FISMA). Organizations that store, process, or transmit U.S. government data must comply with FISMA. This includes all federal agencies, as well as any company or organization that contracts with the federal government. FISMA compliance has increased the security of federal information within both federal and state agencies.