Federal Information Security Management Act
The Federal Information Security Management Act (FISMA) was passed as part of the Homeland Security Act of 2002 and the E-Government Act of 2002. The act requires every government agency to secure the information and information systems that support its operations and assets, including those provided or managed by another agency, contractor, or other source. FISMA defines three security objectives for information and information systems: confidentiality, integrity, and availability. Although FISMA applies only to the government sector, a review of the government's approach to compliance with the act can also be useful to private industry, since compliance emphasizes a risk-based approach for cost-effective security. The National Institute of Standards and Technology (NIST) has been charged with developing the implementation guidance to be used by federal agencies and other parties that need to comply with the act. This guidance is also an excellent resource for organizations in the private sector as they define, develop, and assess their security programs.