FISMA Framework

Category: Federal Security Regulation

The Federal Information Security Modernization Act (FISMA) is a US federal law enacted in 2014 that amended the existing cyber-security legislation to enable the federal government to mitigate information-related risks and respond more effectively to cyber attacks on departments and agencies.


Security Controls for Federal Agency Operations

FISMA of 2014 recognized the highly networked nature of the current federal computing environment and amended the Federal Information Security Management Act (FISMA) of 2002 in order to establish more effective, government-wide oversight of current information security risks and the measures taken to mitigate them.

The updated cyber-security legislation provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets across all departments and agencies.

FISMA of 2014 reaffirms the oversight authority of the Office of Management and Budget (OMB) over agency information security policies and practices, and grants the Department of Homeland Security (DHS) the authority to administer the implementation of those policies and practices for federal information systems.

FISMA compliance is achieved by implementing the standards and guidelines maintained by NIST, an agency of the Department of Commerce (DOC), in alignment with an information security management system (ISMS).