The Federal Information Security Management Act (FISMA) requires that all federal agencies document and implement controls for information technology systems that support their operations and assets.
9 Steps for FISMA Compliance
The National Institute of Standards and Technology (NIST) outlines nine steps for FISMA compliance:
- Categorize the information to be protected
- Select minimum base controls
- Refine controls using risk-assessment procedures
- Document the controls in the system security plan
- Implement security controls in the appropriate information systems
- Assess the effectiveness of the security controls once they have been implemented
- Determine the agency-level risk to the mission or business case
- Authorize the information system for processing
- Monitor the security controls on a continuous basis
This guide includes the following topics: