Federal Information Security Management Act of 2002

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107-347, 116 Stat. 2899). The act was meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.

FISMA has brought attention within the federal government to cyber security which had previously been much neglected. As of February 2005, many government agencies received extremely poor marks on the official report card, with an average of 67.3% for 2004, an improvement of only 2.3 percentage points over 2003.

FISMA imposes a mandatory set of processes that must be followed for all information systems used or operated by a U.S. federal government agency or by a contractor or other organization on behalf of a federal agency. These processes must follow a combination of Federal Information Processing Standards (FIPS) documents, the special publications SP-800 series issued by NIST, and other legislation pertinent to federal information systems, such as the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act.


For more information, visit:

NIST's Information on FISMA


  • University of Cincinnati UCIT Office of Information Security
  • University Hall
  • 51 Goodman Drive
  • Cincinnati, OH 45221