Federal Information Security Management Act of 2002
United States federal law

Long title: An Act to strengthen Federal Government information security, including through the requirement for the development of mandatory information security risk management standards.
Acronyms (colloquial): FISMA
Nicknames: E-Government Act of 2002
Enacted by: the 107th United States Congress
Effective: December 17, 2002

Citations
Public law: 107-347
Statutes at Large: 116 Stat. 2899 aka 116 Stat. 2946

Codification
Titles amended: 40 U.S.C.: Public Buildings, Property, And Works; 44 U.S.C.: Public Printing and Documents
U.S.C. sections created: 44 U.S.C. ch. 35, subch. III § 3541 et seq.
U.S.C. sections amended: 40 U.S.C. ch. 113, subch. III § 11331; 40 U.S.C. ch. 113, subch. III § 11332; 44 U.S.C. ch. 1 § 101; 44 U.S.C. ch. 35, subch. I § 3501 et seq.

Legislative history
Introduced in the House as H.R. 3844 by Thomas M. Davis (R–VA) on March 5, 2002
Committee consideration by House Government Reform, House Science
Passed the House on November 15, 2002 (passed without objection)
Passed the Senate on November 15, 2002 (passed unanimous consent)
Signed into law by President George W. Bush on December 17, 2002

Major amendments
Replaced by the Federal Information Security Modernization Act of 2014
The Federal Information Security Management Act of 2002 (FISMA, 44 U.S.C. § 3541 et seq.) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub. L. 107–347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests of the United States.[1] The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.[1]

FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a "risk-based policy for cost-effective security."[1] FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget (OMB). OMB uses this data to assist in its oversight responsibilities and to prepare its annual report to Congress on agency compliance with the act.[2] In FY 2008, federal agencies spent $6.2 billion securing the government's total information technology investment of approximately $68 billion, or about 9.2 percent of the total information technology portfolio.[3]

This law has been amended by the Federal Information Security Modernization Act of 2014 (Pub. L. 113–283), sometimes known as FISMA2014 or FISMA Reform. FISMA2014 struck subchapters II and III of chapter 35 of title 44, United States Code, and replaced them with the text of the new law as a new subchapter II (44 U.S.C. § 3551).
References
[1] "NIST: FISMA Overview". Csrc.nist.gov. Retrieved April 27, 2012.
[2] FY 2005 Report to Congress on Implementation of The Federal Information Security Management Act of 2002.
[3] FY 2008 Report to Congress on Implementation of The Federal Information