The Federal Information Security Management Act (FISMA)
was signed into law on December 17, 2002 as part of the E-Government Act
of 2002 (Public Law 107-347). FISMA permanently reauthorized
the framework laid out in the Government Information Security Reform Act (GISRA) of 2000, which expired in November 2002. FISMA is divided into multiple sections, each of which will be briefly described in this section.
Purpose
FISMA was built upon several existing federal
laws designed to ensure the security of federal information and
information systems. These federal laws include the Computer Security Act
of 1987 (Public Law 100-35), Paperwork Reduction Act of 1995 (Public Law 104-13), and Information Technology
Management Reform Act of 1996
(i.e., Clinger-Cohen Act, Public Law 104-106, Division E). The purpose of FISMA, as outlined in Section 3541, is
covered in six major objectives
1. Establishment of a framework for ensuring the effectiveness
of security controls;
2. Development of mechanisms for effective government-wide
management and oversight of security-related risks;
3. Development and maintenance of a minimum set of
required security controls;
4. Improvement of oversight of information security programs;
5. Utilization of commercially developed information security
products for protecting critical information infrastructures; and
6. Selection of commercially developed information security
solutions should be left to individual federal agencies.
No comments:
Post a Comment