
The Most Important FISMA Compliance Requirements

  • Every federal agency, and every contractor working with the government, is required to maintain an inventory of all the information systems the organization operates and to document how they integrate within its network.
  • Organizations are required to categorize their information and information systems by level of risk. This ensures that the highest level of security is applied to the sensitive data where it is needed most. FISMA standards help determine which information systems can be used based on their risk levels.
  • FISMA requires agencies to create and maintain a system security plan that covers the security controls and policies within the organization and an outlook on further controls as updates are needed.
  • FISMA instructs agencies to implement the specific security controls from NIST SP 800-53 that pertain to the needs of their organization and systems. Once these controls satisfy the security requirements, they must be documented in the system security plan.
  • Risk assessments are essential to meeting FISMA's information security requirements, as they help detect security vulnerabilities at the organizational, business process, and information system levels.
  • FISMA requires program officials to conduct annual security reviews to minimize risks. FISMA Certification and Accreditation (C&A) can be achieved by following these steps: initiation and planning, certification, accreditation, and continuous monitoring.

The Benefits of FISMA Compliance

FISMA compliance improves the protection of sensitive federal information. Continuous monitoring against FISMA requirements allows agencies to find and eliminate vulnerabilities quickly and cost-effectively.

Companies that do business with federal agencies benefit from FISMA compliance by increasing their chances of winning new contracts from federal agencies. In meeting FISMA's requirements, these companies also put in place the majority of the security best practices that FISMA is built on.

Penalties for FISMA Non-Compliance

Government agencies and associated private companies that fail to comply with FISMA face a range of potential penalties, including censure by Congress, reduced federal funding, and damage to their reputation.



The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that required federal agencies to develop, document, and implement an information security program. FISMA was implemented to reduce the security risk to federal information and cost of managing this information security. FISMA established a set of guidelines and security standards that apply to federal agencies, state agencies administering federal programs, and any private businesses that have a contract with the government.
