The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program. FISMA is part of the larger E-Government Act of 2002 introduced to improve the management of electronic government services and processes.
FISMA compliance has increased the security of sensitive federal information. Continuous monitoring for FISMA compliance provides agencies with the information they need to maintain a high level of security and eliminate vulnerabilities in a timely and cost-effective manner.
Companies operating in the private sector – particularly those who do business with federal agencies – can also benefit by maintaining FISMA compliance. This can give private companies an advantage when trying to add new business from federal agencies, and by meeting FISMA compliance requirements companies, can ensure that they’re covering many of the security best practices outlined in FISMA’s requirements.