Federal Information Security Management Act (FISMA) Compliance

The Federal Information Security Management Act (FISMA) requires that all federal agencies document and implement controls for information technology systems that support their operations and assets.

9 Steps for FISMA Compliance

The National Institute of Standards and Technology (NIST) outlines nine steps for FISMA compliance:

  1. Categorize the information to be protected
  2. Select minimum base controls
  3. Refine controls using risk-assessment procedures
  4. Document the controls in the system security plan
  5. Implement security controls in the appropriate information systems
  6. Assess the effectiveness of the security controls once they have been implemented
  7. Determine the agency-level risk to the mission or business case
  8. Authorize the information system for processing
  9. Monitor the security controls on a continuous basis

This guide includes the following topics: