The National Coordination Office for Networking Information Technology Research and Development (NCO/NITRD) has met the requirements of Federal Information Security Management Act (FISMA) and is compliant as of February 4, 2010.
FISMA is a States Federal law enacted in 2002. IT focuses on the importance of information security by implementing appropriate security controls to protect information and information systems that support the operations and assets of the agency. FISMA requirements include developing, documenting and implementing an agency wide information security program which includes:
- Risk Assessments
- Policies and Procedures
- Plans that provide adequate information security
- Security awareness training
- Periodic testing and evaluation (ST&E)
- Vulnerability assessment and remediation
- Continuity of Operations Plan
The FISMA Certification and Accreditation process is only required for Government Agencies; however, the NCO/NITRD (a Federal inter-agency program) recognizes the importance of security and the value added of FISMA. The NITRD Subcommittee authorized funding for FISMA in 2009 and NCO/NITRD is committed to FISMA and will renew its C&A status triennially.
