FISMA is the Federal Information Security Management Act. The FISMA Implementation Project was established in early 2003 to develop a range of key security guidelines and standards required by Congressional legislation. These publications comprise FIPS 200 and FIPS 199, together with NIST Special Publications 800-59, 800-53, and 800-60.

The project is also supported by the development of security guidance materials that the FISMA legislation does not directly require. These publications are NIST Special Publications 800-53, 800-53A, and 800-37. The Computer Security Division continually produces other security guidelines and standards to support the FISMA project.


The FISMA project aims to create the following:

  • Minimum security standards for information and information systems
  • Standards for categorizing information and information systems by mission impact
  • Guidelines for assessing the security controls in information systems and determining the effectiveness of those controls
  • Guidelines for determining suitable controls for information systems
  • Guidelines for the certification and accreditation of information systems

Through these goals, the FISMA project's developers seek to achieve the following:

  • Establishing levels of security diligence for federal agencies and for the contractors that support the federal government
  • Implementing risk-based and cost-effective information security control measures
  • Achieving greater consistency in workable assessment procedures for security control measures
  • Achieving greater consistency in the application of functional security control measures throughout the Federal government's information technology infrastructure
  • Developing reliable and comprehensive authorizing standards for facilitators who seek to make well-informed security accreditation decisions
  • Promoting enterprise-wide knowledge management of mission risk, based on structural information system control measures