FISMA Compliance


The Federal Information Security Management Act of 2002, or FISMA, requires the protection of data that is created, stored or accessed by the federal government.

Federal information systems contain confidential information and are subject to frequent threats, thus necessitating FISMA, although skills-starved government agencies have experienced consistent difficulties shoring up their weaknesses. The good news is Kairos Vision Consult can help you respond to FISMA’s prescriptive requirements.

FISMA: Fast Facts and Consequences

  • FISMA decrees that a comprehensive information security program should include, among other things, continuous monitoring and procedures for detecting, reporting and responding to incidents.
  • The Federal Information Security Modernization Act of 2014 amended the Federal Information Security Management Act of 2002 with several changes, including introducing incident reporting requirements and invoking authority for the U.S. Department of Homeland Security.
  • The federal Office of Management and Budget annually reports to Congress on the status of FISMA compliance across the federal government. (FISMA also applies to state government agencies that administer federal programs, in addition to private vendors that maintain contracts with the federal government.)
  • Penalties for non-compliance include reduction in federal funding and censure from future contracts by Congress, as well as possible reputational harm should an incident occur.

Tailored for Your Organization

Our risk governance framework, powered by compliance and security expertise, will help identify your gaps and let you know what you need to do to get secure and compliant.

error: Content is protected !!