The Federal Information Security Management Act of 2002 (FISMA) is a federal law that establishes extensive information security requirements for federal agencies, including the requirement that agencies implement a documented information security program incorporating the requirements set forth in FIPS 199, FIPS 200, and NIST SP 800-37, 800-53, 800-59, 800-47, 800-60, 800-160, 800-137, 800-137A, and 800-18.

FISMA’s requirements extend to any information assets or systems managed by a private contractor.

Compliance Tip: FISMA was updated by the Federal Information Security Modernization Act of 2014.