FISMA
- The Federal Information Security Modernization Act of 2014 (FISMA) amends the earlier Federal Information Security Management Act of 2002; it "explicitly emphasizes a risk-based policy for cost-effective security."[1]
- Requires federal agencies to provide "information security protections" for:
  - Information gathered or maintained by or on behalf of an agency
  - Information systems used or operated by anyone remotely associated with a federal agency
- FISMA applies to "Federal agencies, contractors, or other sources that provide information security for the information and information systems... [in support of] the agency."[2]
Metadata
Sources
NIST Risk Management Framework | CSRC