The Federal Information Security Management Act (FISMA) is a United States federal law that requires federal agencies – and the vendors and contractors that serve them – to protect federal data and information systems using defined security standards. FISMA compliance is based on frameworks developed by the National Institute of Standards and Technology (NIST), particularly NIST SP 800-53 and 800-37. Agencies must also tailor these controls based on the risks associated with their missions and operational environments.

In the context of maintenance management, federal agencies using a CMMS that stores or processes federal maintenance data must adhere to FISMA standards.
