Federal Information Security Management Act (FISMA)

This act was implemented to protect government information, operations and assets against natural or man-made threats.

FISMA defines nine steps for ensuring compliance:

1. Define the information under a class that needs to be protected
2. Define the baseline controls
3. Define a risk-assessment procedure and use it to manipulate the controls if needed
4. Create a system security plan and define the controls for it
5. Implement the controls on the systems
6. Verify the efficiency of the security controls
7. Find the level of risk for business process
8. Author the systems
9. Monitor the controls on a periodic basis