The Federal Information Security Management Act of 2002 (FISMA)

The Federal Information Security Management Act of 2002 (FISMA) represents something of a milestone in the world of Cyber Security. Prior to 2002, whilst it was clearly advisable for all Federal Agencies to adopt some sort of formal Cyber Security program, it wasn’t until the FISMA act was passed that this became a requirement. It will be interesting to see if similar requirements become legislation for corporate America! One to watch perhaps?

There is some confusion as to whether or not FISMA is in itself a security framework. Whilst it can be regarded as a framework in so much as it provides direction, it does not provide the actual controls and guidelines that agencies must follow in order to fulfil their obligations. Those guidelines are provided by The National Institute of Standards and Technology (NIST).



FISMA requires government agencies to implement an information security program that effectively manages risk. NIST provides the specific guidance for complying with FISMA.

What is interesting about this approach is that it establishes formal guidance that ensures agencies fulfill their cyber security requirements whilst also prioritizing the importance of a ‘Risk Based’ approach, which not only creates a program fit for purpose depending on circumstance but also draws particular focus to ‘cost effective’ security.

More recently in 2011, the US Government confirmed the Federal Risk and Authorization Program (FedRAMP) as further legislative guidance for Government Cloud services. This act includes Government Agencies, Suppliers and Service Providers.

To make life easy, think of FedRAMP as FISMA for the Cloud.

For more details about the specific guidelines for FISMA and FedRAMP use the links below:

NIST 800-53 SP
NIST 800-53 | NIST 800-171

Additional Resources
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2022, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.