Question from Prospect – How does FISMA relate to NIST?


How does FISMA relate to NIST? This question has relevance to many organizations, so we wanted to share the response. We’ll start by explaining the terms within this question.

FISMA is the Federal Information Security Management Act of 2002. FISMA requires each federal agency to develop, document and implement an agency-wide cyber security program.

NIST is the National Institute of Standards and Technology. NIST’s role is to develop information security standards, or FIPS (Federal Information Processing Standards), and guidelines called Special Publications (SPs) that categorize types of information and provide guidelines to protect them.

NIST is also responsible for reviewing and vetting the FISMA security standards to ensure that they are technically correct and implementable by federal agencies. The review process includes feedback from the public and private sectors who may be affected, NIST’s own internal review, and outreach to cyber security professionals.

Does NIST only relate to FISMA compliance?  Not at all.  NIST Special Publication 800-53 and the NIST Cybersecurity Framework form the basis for many other compliance requirements, including CJIS, PCI, HIPAA and 23 NYCRR 500.  Even if you do not fall under any compliance mandates, these publications are available to you to assist you in developing a cyber security program of your own.  Foresite typically uses NIST as our framework to evaluate the cybersecurity maturity of clients who don’t have compliance mandates.

Do you have a question for our cybersecurity and compliance team?  Please submit here for a personal response, and we may share it in a future blog.

Foresite admin
