Is the Federal Information Security Management Act (FISMA) mentioned in the Federal Acquisition Regulations?
Yes. There is a strong reference to FISMA in the FAR. The FAR is available at http://www.acquisition.gov/far. On page 7.1-2, FAR Section 7.103 states: “Agency-head responsibilities— The agency head or a designee shall prescribe procedures for ensuring that agency planners on information technology acquisitions comply with the information technology security requirements in the Federal Information Security Management Act (44 U.S.C. 3544), OMB’s implementing policies including Appendix III of OMB Circular A-130, and guidance and standards from the Department of Commerce’s National Institute of Standards and Technology.” The FAR therefore points to FISMA, OMB Circular A-130, and the security standards and guidance developed by the National Institute of Standards and Technology at the Department of Commerce. The NIST security standards and guidance can be found on the Computer Security Division web site at http://csrc.nist.gov with specific information on the FISMA Implementation Proj