FISMA Implementation Project FISMA

Project Overview

The FISMA Implementation Project was established to produce key security standards and guidelines required by Congressional legislation.  This suite of publications provide organizations the guidance necessary to develop, implement and maintain organization-wide, risk-based security and privacy programs.

Publications include FIPS 199, FIPS 200, and NIST Special Publications 800-37 (the Risk Management Framework), 800-53, 800-59, 800-47, 800-60, 800-160, 800-137, 800-137A, 800-18. Additional security guidance documents supporting this project include NIST Special Publications 800-30, 800-34, 800-61, 800-128, 800-39, 800-53A and NIST Interagency Report (IR) 8011 and NIST IR 8062. The Computer Security Division continues to produce other security and privacy standards and guidelines that support FISMA; they are available at CSRC publications.

Our Vision

To promote the development of key risk management standards and guidelines to support the implementation of and compliance with the Federal Information Security Modernization Act including:

  • Standards for categorizing information and systems by mission impact
  • Standards for minimum security requirements for information and systems
  • Guidance for selecting appropriate controls for systems
  • Guidance for assessing controls in systems and determining  control effectiveness
  • Guidance for the authorization of systems
  • Guidance for monitoring the controls and the authorization of systems

Leading To…

  • The implementation of cost-effective, risk-based information security and privacy programs
  • The establishment of a level of security due diligence for federal agencies and contractors supporting the federal government
  • More consistent and cost-effective application of controls across the federal information technology infrastructure
  • More consistent, comparable, and repeatable control assessments
  • A better understanding of enterprise-wide mission risks resulting from the operation of systems
  • More complete, reliable, and trustworthy information for authorizing officials--facilitating more informed authorization decisions
  • More secure systems within the federal government including the critical infrastructure of the United States

The Federal Information Security Management Act of 2002 was updated in Public Law 113 to Federal Information Security Modernization Act of 2014.  For more information, see FISMA Background.

Created November 30, 2016, Updated December 03, 2020