The Federal Information Security Management Act (FISMA) was created in 2002 to set out US federal agencies’ responsibilities for reducing information security risks. In addition to US federal agencies and the state agencies administering federal programs, the Act and the resulting NIST standards also apply to private sector organizations that have contractual relationships with them.
These 40,000-plus private organizations must comply with FISMA and with the standards developed by NIST (the National Institute of Standards and Technology), which also provides guidance on how to implement them. Reporting requirements are strictly monitored by the OMB (Office of Management and Budget) to ensure compliance.
The US Congress publishes FISMA results annually, so one of the biggest penalties of non-compliance for commercial organizations is reputational damage. CIOs can be called to Capitol Hill on account of their agencies’ low FISMA scores, and agency budgets can be threatened with cuts if scores don’t improve.
Our accurate auditing software helps organizations working with federal organizations achieve compliance quickly and easily, because it adheres to the NIST standards.