Skip to content
Home / Function (NIST CSF 2.0) / GV - Govern

US Federal Information Security Modernization Act of 2014 (FISMA)

This document focuses on:

FISMA is a critical U.S. federal law that defines a comprehensive framework for protecting government information, operations, and assets against natural or man-made threats. It mandates that federal agencies develop, document, and implement agency-wide information security programs, extending these requirements to any third-party contractors or vendors handling federal data. The Act is foundational to cybersecurity because it institutionalizes the NIST Risk Management Framework (RMF), requiring agencies to categorize information systems by impact level and implement specific security controls. Key cybersecurity topics relevant to FISMA include Continuous Monitoring, Incident Response, Vulnerability Management, and Configuration Management. By shifting the focus from static, “check-the-box” compliance to a risk-based approach, FISMA ensures that the Confidentiality, Integrity, and Availability (CIA) of federal data are maintained through ongoing authorization and real-time security posture reporting.


Publication's URL

https://www.congress.gov/bill/113th-congress/senate-bill/2521/text

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *