NIST, or the National Institute of Standards and Technology, develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) and in managing cost-effective programs to protect their information and information systems.
Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use.
FISMA compliance requires the thoughtful selection and employment of stringent security controls for federal information systems using a risk-based approach to protect critical federal missions and business functions. In addition to technology-based controls such as access control, identification and authentication, audit and accountability, encryption, and system and communications protection, there are also management and operational controls that address important security areas such as physical security, personnel security, continuity of operations, awareness and training, incident response, security planning, system integrity, and acquisition.
Network security becomes the cornerstone of upholding FISMA. Carolinas IT can consult and perform a Security Risk Assessment and Mobile Device Management Assessment to help federal agencies uphold the FISMA standards.