FISMA is a US federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognizes that federal information security is necessary for continued economic prosperity and national security. It mandates that all federal agencies develop, document, and implement an agency-wide program to secure the information and information systems that support their operations and assets.
FISMA has drawn much attention to cybersecurity and has specifically emphasized a risk-based policy for effective and sustainable security. FISMA requires officials, CIOs and Inspectors General (IGs) to conduct annual reviews of information security programs and report the results to the Office of Management and Budget.