Basic%20Requirements%20of%20FISMA

1
Basic Requirements of FISMA

• Roles Responsibilities
• Agency Head
• CIO
• Agency Security Officer

• Security Program
• Periodic risk assessments
• Policies and procedures
• Security plans
• Security awareness training
• Periodic testing evaluation
• Remediation activities
• Incident response capabilities
• Continuity of operations

• Annual Security Review
• Determine sufficiency of security program
• Independent Evaluation (e.g., IG)
• Safeguard evaluation data

• Annual Reporting
• Reports from CIO IG
• Report material weaknesses
• Provide performance plans

3544(c), 3545 (e)
3544(a)
3544(c), 3545 (e)
3544(b)