Federal Information Security Management Act of 2002
On 17th December, 2002 the President signed the Electronic Government Information Act of 2002, whose Title III is known as the Federal Information Security Management Act (FISMA) of 2002. The Act was designed to strengthen cyber security within the federal government and its associates, such as government contractors. It prescribes annual information security audits for these entities. FISMA is an attempt to address the challenges posed to federal cyber security in order to protect the economic and national security interests of the USA.
Under the Act, the National Institute of Standards and Technology (NIST) has been entrusted with the task of developing security standards and guidelines for federal government agencies in order to meet the overall security objectives of confidentiality, integrity and availability. The FISMA Implementation Project was set up in January 2003 to produce key information security standards and guidelines.
The Act provides an elaborate framework for effective information security control over information resources that support federal operations and assets. It also provides for the management of information security risk profiles across the government and for coordination of information security efforts among civilian, law enforcement and national security agencies. Under FISMA there is a control mechanism in place for the authorities to monitor information security programs across different federal agencies.
FISMA requires that information resources of the federal government and its different agencies be protected against unauthorized access, use, modification, manipulation, disclosure or destruction.
Failure to comply with the information control standards set by NIST constitutes a failure to meet the mandatory FISMA requirements, rendering those responsible liable to legal action.
Under FISMA each federal agency must report to Congress annually, by the first of March every year, on the adequacy and effectiveness of its information security practices.