FISMA requires federal agencies, and by extension, the foundations, educational institutions, organizations that receive federal funds as well as the contractors that do business with them, to develop, document, and implement information security programs to protect the confidentiality, integrity and availability of the data and systems that support government operations and assets.

In meeting compliance, agencies and organizations subject to FISMA compliance really face a dual responsibility. First, is to meet FISMA requirements, by identifying and resolving risks, and performing ongoing assessment and testing. Second, is to be able to protect critical information security assets. This latter issue means being able to confidently share information and resources with trusted parties, and to be able to have confidence that those parties are providing appropriate levels of information protection.

 

Attachment Size
Automating FISMA Compliance (1009.48 KB) 1009.48 KB