The Federal Information Security Management Act (FISMA) is Title III of the E-Government Act (Public Law 107-347). It was passed by the 107th U.S. Congress and signed into law by President George W. Bush in December 2002. FISMA requires each U.S. federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source. Further, the Homeland Security Presidential Directive 12 (HSPD-12) specifies identity management and access control practices for government employees and contractors. FISMA and HSPD-12 are leading organizations to take a risk-based, cost-effective approach to securing sensitive information and systems.
FISMA Scope
FISMA impacts all federal information systems. The FISMA legislation is about protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
Confidentiality (44 U.S.C. 3542): this implies guarding against improper information modification or destruction, and includes means for protecting personal privacy and proprietary information
Integrity (44 U.S.C. 3542): this implies guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
Availability (44 U.S.C. 3542): this implies ensuring timely and reliable access to and use of information
Role of the NIST
The National Institute of Standards and Technology (NIST) has a critical role to play in enabling federal agencies to comply with FISMA. NIST's FISMA-related responsibilities include:
Development of standards, guidelines, and associated methods and techniques for information systems
Development of standards and guidelines, including the establishment of minimum requirements for information systems used by agencies
Development of standards and guidelines, including the establishment of minimum requirements for providing adequate information security for all agency operations and assets
Federal agencies must be compliant with FISMA requirements – and FISMA is all about information security. ecfirst.com can help you with your FISMA and HSPD-12 challenges and priorities. ecfirst.com solutions help your organization implement the security controls required in NIST Special Publication 800-53. ecfirst.com, an Inc. 500 business, serves a Who's Who client list that includes the U.S. Department of Veterans Affairs. Call Lorna Waggoner and ask her for our white paper on FISMA and HSPD-12. She can be reached at 1.877.899.9974 x17. Talk to us to learn more about our FISMA and HSPD-12 compliance solutions.