Published: January 2010

For the past eight years, government agencies have struggled to comply with the requirements of the Federal Information Security Management Act of 2002 (FISMA).¹
The goal of FISMA is to control information security as it impacts national security and the economic interests of the United States. Compliance obligates each U.S. federal government agency to "develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source."²
The question before federal agencies is: How can they meet the requirements of FISMA in a cost-efficient but effective manner?
Achieving economies in FISMA compliance requires government agencies to take a risk-based approach to managing information security.