
The New FISMA Standards and Guidelines: Changing the Dynamic of Information Security for the Federal Government



Ronald S. Ross, Stuart W. Katzke, Patricia R. Toth


The Federal Information Security Management Act (FISMA) of 2002 places significant requirements on federal agencies for the protection of information and information systems, and places significant requirements on the National Institute of Standards and Technology (NIST) to assist federal agencies in complying with FISMA. In response to this important legislation, NIST is leading the development of key information system security standards and guidelines as part of its FISMA Implementation Project. This high-priority project includes the development of security categorization standards; standards and guidelines for the specification, selection, and testing of security controls for information systems; guidelines for the certification review and accreditation of information systems; and guidelines for the continuous monitoring of controls to ensure they continue to operate as intended. This paper includes a discussion of NIST's FISMA risk management framework (RMF) and the suite of related standards and guidelines being developed by NIST to help federal agencies comply with FISMA requirements (i.e., the FISMA suite of documents). In addition, the paper discusses how agency systems will benefit from applying the FISMA RMF, and why the FISMA RMF and the related suite of standards and guidelines should be of interest to other government sectors (e.g., DoD) and to the commercial sector.
Proceedings Title: MILCOM | 2005
Conference Dates: October 17-20, 2005

Keywords: assurance requirements, certification and accreditation, common security controls, organizational responsibilities, risk assessment, security categorization, security control assessment, security control baselines, security controls


Citation: Ross, R., Katzke, S. and Toth, P. (2005), The New FISMA Standards and Guidelines: Changing the Dynamic of Information Security for the Federal Government, MILCOM | 2005 (Accessed May 30, 2024)



Created October 19, 2005, Updated February 19, 2017