The Federal Information Security Management Act of 2002 provides that:
- Each agency shall develop, document, and implement an agencywide information security program, approved by the Director under section 3543(a)(5), to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source, that includes —
  - (1) periodic assessments of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the agency;
  - (2) policies and procedures that —
    - (A) are based on the risk assessments required by paragraph (1);
    - (B) cost-effectively reduce information security risks to an acceptable level;
    - (C) ensure that information security is addressed throughout the life cycle of each agency information system; and
    - (D) ensure compliance with —
      - (i) the requirements of this subchapter;
      - (ii) policies and procedures as may be prescribed by the Director, and information security standards promulgated under section 11331 of title 40;
      - (iii) minimally acceptable system configuration requirements, as determined by the agency; and
      - (iv) any other applicable requirements, including standards and guidelines for national security systems issued in accordance with law and as directed by the President;
  - (3) subordinate plans for providing adequate information security for networks, facilities, and systems or groups of information systems, as appropriate;
  - (4) security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of —
  - (5) periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices, to be performed with a frequency depending on risk, but no less than annually, of which such testing —
  - (6) a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information security policies, procedures, and practices of the agency;
  - (7) procedures for detecting, reporting, and responding to security incidents, consistent with standards and guidelines issued pursuant to section 3546(b), including —
    - (A) mitigating risks associated with such incidents before substantial damage is done;
    - (B) notifying and consulting with the Federal information security incident center referred to in section 3546; and
    - (C) notifying and consulting with, as appropriate —
  - (8) plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the agency.
Source: 44 U.S.C. §§3544(b)(1-8).