
Federal Information Security Management Act (FISMA) Implementation Project


The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents include NIST SPs 800-37, 800-53, and 800-53A.

The first phase of the FISMA Implementation Project focuses on the development of the security standards and guidance required to effectively implement the provisions of the legislation. The second phase of the FISMA Implementation Project will focus on the development of a program for credentialing public and private sector organizations to provide security assessment services for federal agencies.


The FISMA Implementation Project develops information security standards (Federal Information Processing Standards) and guidelines (Special Publications in the 800-series) for non-national security federal information systems, including the development of:

  • Standards to be used by Federal agencies to categorize information and information systems based on the objectives of providing appropriate levels of information security according to a range of risk levels;
  • Guidelines recommending the types of information and information systems to be included in each category; and
  • Minimum information security requirements (management, operational, and technical security controls) for information and information systems in each such category.

Major Accomplishments:

Phase I:

Phase II:

End Date:


Lead Organizational Unit:



Questions? Send email to the NIST FISMA Team at:

Project Leader:
Dr. Ron Ross

Senior Information Security Researchers:
Arnold Johnson

Patricia Toth

Matthew Scholl

Kelley Dempsey

Peggy Himes

Public and Business Affairs:
Evelyn Brown


Related Programs and Projects:

For more information regarding the Federal Information Security Management Act (FISMA) Implementation Project, please visit the Computer Security Resource Center (CSRC).


Ronald S. Ross
(301) 975-5390

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930