What is the purpose of the Federal Information Security Management Act?
The Federal Information Security Management Act of 2002 (FISMA) is a law requiring protection of the sensitive data created, stored, or accessed by the Federal Government, or by any entity acting on behalf of the Federal Government. The law established a formal Certification and Accreditation (C&A) process that requires a minimum set of security controls and a formal audit before a system obtains an Authority to Operate (ATO). The Federal Information Security Modernization Act of 2014 later amended the 2002 law, and current NIST guidance (SP 800-37, the Risk Management Framework) uses the term "assessment and authorization" in place of C&A; the end state, an ATO granted by an authorizing official, is the same.

In April 2010, the Office of Management and Budget issued a memorandum requiring each Federal agency to report its FISMA activities to Congress. The memo also reiterated the requirement that agencies include FISMA requirements in all contracts involving sensitive data, as well as in grants where sensitive information is created, accessed, or stored on behalf of the Federal Government. Compliance with FISMA may therefore be a condition of a government contract and possibly of a grant.

The FISMA process recognizes that not all sensitive information carries the same level of risk. Systems are categorized (under FIPS 199) into one of three security categories, Low, Moderate, or High, according to the impact that a loss of confidentiality, integrity, or availability would have; the category determines which baseline of NIST SP 800-53 controls the system must implement.

Guidance Statement
In the course of preparing grant applications or conducting a sponsored project, Dartmouth's faculty, staff and students may plan to collect information that includes academic, research, protected health, or personal data. Under U.S. federal and state data privacy and security laws, Dartmouth and its employees have an obligation to implement appropriate safeguards to protect such confidential information, whether it resides inside or outside the United States. For a particular sponsored project, external entities may place requirements on the use of their data and data sets, and further requirements apply to the protection of human subject research. In addition, certain funding announcements may include complex terms such as the Federal Information Security Management Act (FISMA), NIST SP 800-53, and the Family Educational Rights and Privacy Act (FERPA).
What is the purpose of information security management?
Information security management is the process of protecting an organization's data and assets against threats. Its primary goal is to preserve the confidentiality, integrity, and availability of that data.
Why was FISMA created for the federal government?
FISMA was created for several reasons. First, it was designed to protect sensitive information held by the government. Compliance is mandatory for federal agencies, as well as for state agencies that administer federal programs such as Medicare.
What does FISMA specify?
FISMA provides for an increase in the security of federal information, both within federal and state agencies; a framework that businesses in the private sector can use to ensure they are following sound security policies; and more baseline controls and security plans, together with a greater ability to respond to vulnerabilities.
Who is subject to FISMA?
The Federal Information Security Management Act (FISMA) applies to all agencies within the U.S. federal government. Since the law was enacted in 2002, its scope has been expanded to include state agencies administering federal programs such as unemployment insurance, student loans, Medicare, and Medicaid, as well as contractors and grantees that create, store, or access federal data on the government's behalf.