Federal Information Security Modernization Act [FISMA]

As the recent breach of the U.S. Office of Personnel Management demonstrates, the numerous agencies within the U.S. government are prime targets for cybersecurity attacks and other incidents that put sensitive data at risk. The federal government knows it has a bull’s-eye on its information systems, so Congress has enacted various pieces of legislation designed to bolster cybersecurity. One such law is the Federal Information Security Management Act of 2002 (FISMA), and its December 2014 update, Public Law 113-283.

The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information systems, and the data within them, that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. According to FISMA, the term “information security” means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.