The Federal Information Security Modernization Act (FISMA) requires federal agencies and their contractors to develop, document, and implement information security programs to protect government information and systems. Agencies must categorize systems by impact level, implement NIST-recommended controls, conduct regular risk assessments, and report security metrics to the Office of Management and Budget. FISMA compliance is mandatory for all federal information systems and is assessed through annual audits and continuous monitoring programs. — Browse 5 verified solutions.