Federal Information Security Management Act (FISMA).
Compliance for federal government agencies and entities that support their operations and assets falls under the Federal Information Security Management Act (FISMA). Acting as the standard-setter, the National Institute of Standards and Technology (NIST) issues guidance on how agencies and related partners must develop, document and implement information security programs. NIST categorizes the objectives according to appropriate levels of information security based on risk. It identifies minimum information security requirements and the management, operational and technical security controls for information and information systems in each category.