Definition: FISMA is a comprehensive set of information assurance “best practices” used by the federal government. The acronym stands for Federal Information Security Management Act of 2002 (updated in 2014). The standards outline acceptable policies and controls that cover the full scope of operational information assurance. Detailed information can be found at the web site: http://csrc.nist.gov/groups/SMA/fisma/index.html. Each agency must operate under its own implementation of the requirements. The methodology includes risk assessment, security awareness training, how to respond to security incidents, planning and much more. The set of rules was designed to provide for the confidentiality, integrity and availability of information. Now included is the integration with the Department of Homeland Security and the Cyber Security Framework.
Its Relevance: The national government’s information assurance standards provide a private user with an excellent overview of what to include in his or her own information assurance program. More importantly, however, if an organization does business with a government agency or contractor, it must comply with the Act, too.