The Federal Information Security Management Act (FISMA) [FISMA 2002], part of the E-Government Act (Public Law 107-347), was passed in December 2002. FISMA 2002 requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources.
The Federal Information Security Modernization Act of 2014 amends FISMA 2002 by providing several modifications that modernize federal security practices to address evolving security concerns. These changes result in less overall reporting, strengthen the use of continuous monitoring in systems, and increase the focus on agency compliance and on reporting that concentrates on the issues caused by security incidents. FISMA 2014 also required the Office of Management and Budget (OMB) to amend/revise OMB Circular A-130 to eliminate inefficient and wasteful reporting and to reflect changes in law and advances in technology.
FISMA, along with the Paperwork Reduction Act of 1995 and the Information Technology Management Reform Act of 1996 (Clinger-Cohen Act), explicitly emphasizes a risk-based policy for cost-effective security. In support of and reinforcing FISMA, the Office of Management and Budget (OMB) through Circular A-130, “Managing Federal Information as a Strategic Resource,” requires executive agencies within the federal government to:
Federal agencies need to provide information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of:
Also, federal agencies need to “com[ply] with the information security standards” and guidelines, and mandatory required standards developed by NIST.
Federal agencies, contractors, or other sources that provide information security for the information and information systems that support the operations and assets of the agency.
As defined in FISMA 2002, "[t]he term ‘Federal information system’ means an information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency."
Formed in 2009, the Joint Task Force (JTF) Transformation Initiative includes representatives from NIST, the Department of Defense (DOD), the Office of the Director of National Intelligence (ODNI), and the Committee on National Security Systems (CNSS). The mission of the JTF is to produce a unified information security framework for the federal government that can serve as the common foundation for risk management and systems security for both non-national security systems and national security systems. NIST develops information security/cybersecurity standards and guidance for non-national security systems. CNSS provides policy, directives, and instructions for national security systems. CNSS issuances authorize the use of NIST guidance developed by the JTF and develop additional requirements to accommodate national security systems.
Led by NIST, the JTF authors a series of information security/cybersecurity and privacy guidelines to minimize duplication of effort, improve coordination and collaboration, and promote more effective implementation of risk management practices across the federal government.
JTF publications include: