FISMA & NIST RMF

FISMA

The Federal Information Security Modernization Act of 2014 updated the original 2002 statute (the Federal Information Security Management Act) and requires every federal agency to develop, document, and implement an agency-wide information security program. FISMA directs NIST to develop the mandatory standards (FIPS 199, FIPS 200) and the guidelines (the SP 800 series) that operationalize the law, and assigns OMB the oversight role and DHS, exercised today through CISA, the operational and reporting role. Agencies report on their programs annually, and OMB's annual FISMA report goes to Congress.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.