This act was implemented to protect government information, operations and assets against natural or man-made threats.
FISMA defines nine steps for ensuring compliance:
- Define the information under a class that needs to be protected
- Define the baseline controls
- Define a risk-assessment procedure and use it to manipulate the controls if needed
- Create a system security plan and define the controls for it
- Implement the controls on the systems
- Verify the efficiency of the security controls
- Find the level of risk for business process
- Author the systems
- Monitor the controls on a periodic basis