The Federal Information Security Management Act (FISMA) requires all US federal agencies to develop and implement programs to provide security for their information and information systems. The act assigns responsibilities to the Office of Management and Budget and the National Institute of Standards and Technology (NIST) to strengthen information security. NIST has created standards and guidelines for information security that must be followed by all government agencies. Agencies must inventory all information systems and classify them based on risk. FISMA requires all government agencies to meet minimum security requirements and undergo risk assessment. Every system must be accredited before it is authorized to operate, and each accredited system must monitor a set of security controls on an ongoing basis.
The Federal Information Security Management Act is a United States federal law passed in 2002. The act itself recognizes the importance of information security to the national and economic security interests of the United States. FISMA requires all federal agencies to develop, implement, and document programs to provide security for their information and information systems.
The Federal Information Security Management Act underlines the need for information security. It assigns the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST) responsibilities designed to strengthen information security. Information security means protecting information and information systems from unauthorized access, disruption, disclosure, modification, use or destruction.
The Federal Information Security Management Act states that NIST is responsible for developing adequate information security for all government agencies except national security systems. NIST has created standards and guidelines for information security that must be followed by all government agencies and works with each to ensure proper understanding and implementation of FISMA. NIST must also measure the effectiveness of FISMA implementation.
Agencies must inventory all information systems that are managed or under the control of the agency. The inventory must identify the interfaces between each of these systems and all other systems, including those not under the control of that agency. The agency must then classify information and information systems based on the level of risk defined by the standards of the Federal Information Security Management Act and guidelines established by NIST.
FISMA requires all government agencies to meet minimum security requirements. It allows for a degree of flexibility in applying minimum security standards in order to meet the specific mission and operating environments of all agencies. Each agency must document its minimum security requirements.
All agencies must undergo a risk assessment to verify their security controls and determine whether additional controls are needed beyond the minimum baseline established by FISMA and NIST. All this information is then compiled into a document that records milestones and action plans. This document is periodically reviewed and can be modified if necessary. It is the main input to the certification and accreditation phase of FISMA.
After the other phases of FISMA’s information security process are complete, the information system’s security controls and security plan are reviewed. After the review, a senior agency official authorizes the operation of the information system and accepts its risks and controls. The information system is then accredited. Every accredited system is required to monitor a number of security controls. If the information system changes substantially, an updated risk assessment is required and the controls may be modified.