Understanding FISMA
FISMA is an acronym that stands for Federal Information Security Management Act. It is a law that was passed in the United States in 2002 that sought to regulate federal agencies and ensure that they took up measures that protected sensitive data in their possession. The National Institute of Standards and Technology (NIST) is tasked with maintaining and updating the laws and documents that ensure FISMA compliance. NIST ensures that federal agencies comply with the minimum standards that are required for information security plans as the necessary procedures that ensure this is possible. The organization tells the various federal agencies the types of systems they can use, as well as approves the vendors the federal agencies can work with. The list of approved vendors is carefully vetted by NIST to ensure that they have secure products and that they help the federal agencies protect their sensitive data. Also, NIST assesses risks and standardizes the risk assessment...
