The Federal Information Security Management Act (FISMA) is Title III of the E-Government Act of 2002, a United States federal law enacted in 2002. FISMA focuses on the development, documentation, and implementation of an information security program.
Federal Information Security Management Act of 2002
The Act was formulated to emphasize the importance of information security to the economic and national security interests of the United States. FISMA acts as a framework to protect federal government information, operations and assets against natural or man-made threats. FISMA provides security to information and information systems. It also covers services provided or managed by another agency, contractor, or other source.
FISMA specifies the need to conduct yearly information security reviews as part of the risk assessment in order to manage risks in an efficient, cost-effective and proactive manner.
As per FISMA, an information security program should focus on the following points:
- Periodic risk assessments
- Policies and procedures based on the organizational interests and risk assessments
- Subordinate plans for security of networks, facilities, information systems, or groups of information systems, as appropriate
- Security awareness training for personnel (including contractors) on the organizational policies and procedures
- Regular testing and evaluation of the information security policies, procedures, practices, and security controls
- Continual improvement in information security policies, procedures, practices and security controls through planning, implementing, evaluating, and documenting remedial actions
- Incident management
- Ensuring continuity of operations for information systems that support the operations and assets of the organization.
Implementation of FISMA requires policies and procedures that fit the organizational structure, the roles and responsibilities, and the types of risks and threats faced by the organization. DQS India provides implementation guidance for FISMA to organizations.
We have security experts with years of experience working with different security standards, technologies and domains. We can help in the development of policies and procedures from scratch and provide guidance for implementation leading to the implementation assessments.