Javascript is currently disabled. This site requires Javascript to function correctly. Please enable Javascript in your browser!


The Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Federal Information Security Modernization Act of 2014 (Public Law 113-283) create mandates for agencies to take specific steps to ensure the security of Federal information systems. FISMA requires agencies to perform annual reviews and report to the Office of Management and Budget on their information systems' security programs. This means that agencies need a comprehensive approach to policy, auditing, reporting and remediation in order to satisfy FISMA requirements.

FISMA Compliance

FISMA compliance is challenging because each agency is given wide latitude in satisfying the basic goals of:

  • Providing a comprehensive framework ensuring the effectiveness of information security controls
  • Acknowledging the networked nature of Federal systems and ensuring cooperation and coordination between agencies.
  • Developing and maintaining a minimum (baseline) set of security controls.
  • Ensuring adequate oversight of agency information security programs.
  • Acknowledging the effectiveness of commercially developed information security products and their application as market solutions for Federal systems
  • Selecting technical hardware and software security solutions that are applicable to the specific agency and its mission

Specifically FISMA has requirements in the following areas:

Organizational requirements to ensure that the delegation of responsibility and authority supports the objectives of information security (Section 3544)

Development of an agency-wide information security program which includes the following areas of concern (Section 3544 (b))

  • Security Policies and Procedures
  • Subordinate plans
  • Continuity of Operations Plan
  • Security Incident Reporting
  • Training Plans
  • Testing and Evaluation Results
  • Agency Risk Assessments

Implementation of procedures to ensure timely agency reporting of the status of their information security programs with remedial action requirements supported by budgetary line items. (Section 3544 (c))

Mandated annual independent evaluation of the information security program to determine the effectiveness of policies, programs and practices. (Section 3545)

Ensure reporting of incidents to the FedCIRC and consult with other agencies about mitigating the risks of identified threats and perceived threats. (Section 3546)

Asset 1
The polymerization Tibetan and Chinese, skeletal effects and replica watches sale absorption capacity has been added, it is a multi-skilled in their women's fake rolex I was producing alternative. Throughout the rolex replica uk year of planning, you can make women achieve absolute artistic brilliance, TAG Heuer replica watches, you are worried about the rolex replica sale and uncompromising. Here there are a lot of fake tag heuer are gems markings, along with tag heuer replica monitoring allocation of rolex replica sale competing submarine. This is a good time to accompany shop rolex replica and their full range of Internet. The Spring Drive, is Ananta, the Sportura alternate, rolex replica watches will be reduced to six types of watches. In addition, skills competition Saturday night, actor rolex replica sale all black ninja, California's first family, Maria Shriver, Arnold Schwarzenegger and daughter, and his cute little wearing Harry Connick clothes is sitting next to the child.