This is the Federal Information Security Management Act (FISMA). It defines the security requirements each government agency is required to meet.



Protecting the Nation’s Critical Information Infrastructure


Vision of FISMA

To promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act. This includes:

  • Standards for categorizing information and information systems by mission impact.
  • Standards for minimum security requirements for information and information systems.
  • Guidance for selecting appropriate security controls for information systems.
  • Guidance for assessing security controls in information systems and determining security control effectiveness.
  • Guidance for the security authorization of information systems.
  • Guidance for monitoring the security controls and the security authorization of information systems.


Why This Matters

When carried out, the vision of FISMA leads to:

  • Implementation of cost-effective, risk-based, information security programs.
  • Establishment of a level of security due diligence for federal agencies and contractors supporting the federal government.
  • More consistent and cost-effective application of security controls across the federal information technology infrastructure.
  • More consistent, comparable, and repeatable security control assessments.
  • A better understanding of enterprise-wide mission risks resulting from the operation of information systems.
  • More complete, reliable, and trustworthy information for authorizing officials facilitating informed security authorization decisions.
  • More secure information systems within the federal government including the critical infrastructure of the United States.