
RNT Professional Services, LLC

Veterans Defending The Digital Universe

Federal Information Security Management Act




What is it?


The Federal Information Security Management Act (FISMA) was signed into law in 2002 as part of the Electronic Government Act. Recognizing that both the national and economic security of the United States depend on a robust information security infrastructure, FISMA compels each federal agency to build and implement programs to ensure the security (confidentiality, integrity, and availability) of the agency’s information. The law applies to all federal agencies, their contractors, and anyone else who handles the information used to support the operations of the agency. FISMA relies on the security categorizations and definitions provided by Federal Information Processing Standards (FIPS) 199 and 200 to fulfill its goal of ensuring the confidentiality, integrity, and availability of federal information.


How does this affect small business?


Under the interim rule issued in December 2015, DoD contractors must adhere to two basic cyber security requirements. Companies need to be fully compliant by December 31, 2017. First, they must provide adequate security to safeguard covered defense information that resides in or transits through their internal unclassified information systems from unauthorized access and disclosure. Second, they must rapidly report cyber incidents and cooperate with DoD in responding to these security incidents, including providing access to affected media and submitting malicious software.


