The Federal Information Security Management Act of 2002 is a United States federal law that recognizes the importance of information security to the economic and national security interests of the United States. According to the Act, information security means protecting information and information systems from all forms of unauthorized access, use, disclosure, disruption, modification or destruction, in order to provide confidentiality, integrity and availability of the system.

The Act requires each federal agency, including those that contract or provide services on behalf of or for a federal agency, to document, develop and implement security plans and regularly review them.

The Information Security and Policy Office has a documented compilation of resources, policy information and descriptions encompassing the overall (enterprise) information security environment at The University of Iowa. Researchers are expected to develop individual plans, scoped to the specific environment that requires completion of a System Security Plan (SSP), as required by the Federal Information Security Management Act (FISMA) of 2002.


Researchers facing federal regulatory compliance and needing assistance in developing and implementing an SSP are encouraged to contact the Information Security and Policy Office (5-6332) or e-mail it-security@uiowa.edu to discuss their needs and get a copy of a FISMA template.

Related resources.

uifismaenterpriseplan.pdf
Federal Information Security Management Act http://csrc.nist.gov/groups/SMA/fisma/overview.html