
Federal Information Security Management Act (FISMA) Implementation Project

Summary:

The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents include NIST SPs 800-37, 800-53, and 800-53A.

The first phase of the FISMA Implementation Project focuses on the development of the security standards and guidance required to effectively implement the provisions of the legislation. The second phase of the FISMA Implementation Project will focus on the development of a program for credentialing public and private sector organizations to provide security assessment services for federal agencies.

Description:

The FISMA Implementation Project develops information security standards (Federal Information Processing Standards) and guidelines (Special Publications in the 800-series) for non-national security federal information systems, including the development of:

  • Standards to be used by Federal agencies to categorize information and information systems based on the objectives of providing appropriate levels of information security according to a range of risk levels;
  • Guidelines recommending the types of information and information systems to be included in each category; and
  • Minimum information security requirements (management, operational, and technical security controls) for information and information systems in each such category.

Major Accomplishments:

Phase I:

Phase II:

End Date:

ongoing

Lead Organizational Unit:

itl

Staff:

Questions? Send email to the NIST FISMA Team at:
sec-cert@nist.gov

Project Leader:
Dr. Ron Ross
301-975-5390
rross@nist.gov

Senior Information Security Researchers:
Arnold Johnson
301-975-3247
arnold.johnson@nist.gov

Patricia Toth
301-975-5140
ptoth@nist.gov

Matthew Scholl
301-975-2941
matthew.scholl@nist.gov

Kelley Dempsey
301-975-2827
kelley.dempsey@nist.gov

Administration:
Peggy Himes
301-975-2489
peggy.himes@nist.gov

Public and Business Affairs:
Evelyn Brown
301-975-5661
evelyn.brown@nist.gov

 

Related Programs and Projects:

For more information regarding the Federal Information Security Management Act (FISMA) Implementation Project, please visit the Computer Security Resource Center (CSRC).

Contact

Ronald S. Ross
(301) 975-5390
ronald.ross@nist.gov

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930