Home | Email: info@fismacenter.com | Tel: 202-997-0148    

 About Us
 FISMA Services
 The FISMA Book
 FISMA Resources
 CFCP
 FISMA Training
 Previous Clients
 FISMAtraq Discussion List
 Recruiters
CFCP Login:        | Password Retrieval:       


FISMA Resources
The following links provide a wealth of information about FISMA and Certification & Accreditation:

  • C&A Certified PKI Providers Across U.S. Federal Agencies
  • Certification and Accreditation 101
  • Clinger-Cohen Act
  • DIACAP to DoD Risk Management Framework Transition
  • DoD Certification and Accreditation Process – EOL
  • DoDI 8510.01- Risk Management Framework (RMF) for DoD IT
  • DCID 6/3 Protecting Sensitive Compartmentalized Information Manual
  • DCID 6/3 Policy
  • DCID 6/3 Appendices
  • E-Government Act (Public Law 107-347)
  • Federal Information Security Management Act
  • Federal Records Management
  • Federal Risk and Authorization Management Program (FedRAMP)
  • FedRAMP Policy Memo
  • 2007 Federal Computer Security Report Card
  • 2006 Federal Computer Security Report Card
  • 2005 Federal Computer Security Report Card
  • FIPS 140-2
  • FIPS 140-2 Module Validation Lists
  • FIPS 199, Standards for Security Categorization of Federal Information Systems
  • FIPS 200 Minimum Security Requirements for Federal Information Systems
  • FIPS 800-53A, Rev 1
  • FISMA: Fact and Fiction
  • FISMA Implementation Project
  • 2012 FISMA Reporting Metrics
  • 2020 FISMA Report to Congress
  • 2019 FISMA Report to Congress
  • 2018 FISMA Report to Congress
  • 2017 FISMA Report to Congress
  • 2016 FISMA Report to Congress
  • 2015 FISMA Report to Congress
  • 2014 FISMA Report to Congress
  • 2013 FISMA Report to Congress
  • 2012 FISMA Report to Congress
  • 2011 FISMA Report to Congress
  • 2010 FISMA Report to Congress
  • 2009 FISMA Report to Congress
  • 2008 FISMA Report to Congress
  • 2007 FISMA Report to Congress
  • 2006 FISMA Report to Congress
  • 2005 FISMA Report to Congress
  • 2004 FISMA Report to Congress
  • FISMA Reporting Template for Micro Agencies
  • GAO-08-525, June 27, 2008: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way
  • GAO-08-571T, March 12, 2008: Progress Reported, but Weaknesses at Federal Agencies Persist
  • GAO-08-1001, Sept. 9, 2008: Actions Needed to Better Protect Los Alamos Ntnl. Lab's Unclassified Network
  • GAO-08-526, May 21, 2008: TVA Needs to Address Weaknesses in Control Systems and Networks
  • GAO-08-536, May 19, 2008: Alternatives Exist for Enhancing Protection of Personally Identifiable Information
  • Has FISMA Improved IT Security? Maybe
  • ICD 503
  • NIACAP Guidance
  • NIST FAQ on Continuous Monitoring
  • NIST FISMA Project
  • NIST 800-53, Rev 3 Control Classes Database
  • NIST SP 800-26, Guide for Security Self-Assessments – EOL
  • NIST SP 800-34, Contingency Planning Guide for Information Technology Systems
  • NIST SP 800-37, Guide for C&A of Federal Information Systems
  • NIST SP 800-37, Rev 1. Guide for Applying the Risk Management Framework to Federal Information Systems
  • NIST SP 800-53, Rev 2. Recommended Security Controls
  • NIST SP 800-53, Rev 3. Recommended Security Controls
  • NIST SP 800-53, Rev 4. Security and Privacy Controls
  • NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems
  • NIST SP 800-60, Vol. 1 Guide for Mapping Types of Info. and Information Systems to Security Categories
  • NIST SP 800-60, Vol. 2 Append., Guide for Mapping Types of Info. and Info. Systems to Security Categories
  • NIST SP 800-61, Computer Security Incident Handling Guide
  • OMB Circular A-130 Revised
  • OMB Circular A-130 Revised, Transmittal Memo
  • OMB 11/12/2020 (M-21-04) Modernization Access to and Consent Disclosure of Records Subject to Privacy Act
  • OMB 01/03/2017 (M-17-12) Preparing For and Responsding to a Breach of PII
  • OMB 11/08/2016 (M-17-06) Policies for Federal Agency Public Websites and Digital Services
  • OMB 11/04/2016 (M-17-05) FY 2016-2017 Guidance on Improving Federal Information Security and Privacy
  • OMB 06/08/2015 (M-15-13) Policy to Require Secure Connections Across Federal Websites and Web Services
  • OMB 10/03/2014 (M-15-01) FY 2014-2015 Guidance on Improving Federal Information Security and Privacy
  • OMB 11/18/2013 (M-14-04) FY 2013 Reporting Instructions for the Federal Information Security and Privacy
  • OMB 09/27/2012 (M-12-20) FY 2012 Reporting Instructions for the Federal Information Security and Privacy
  • OMB 10/06/2011 (M-11-06) Requirements for Accepting Externally-Issued Identity Credentials
  • OMB 07/06/2010 (M-10-28) Clarifying Cyber Security Responsibilities and DHS
  • OMB 05/21/2010 (M-10-15) Annual FISMA Reporting Instructions
  • OMB 08/11/2008 (M-08-22) Guidance on the Federal Desktop Core Configuration (FDCC)
  • OMB 11/20/2007 (M-08-05) Trusted Internet Connections
  • OMB 06/25/2007 (M-07-19) FY 2007 Reporting Instructions for the FISMA and Agency Privacy Management
  • OMB 06/01/2007 (M-07-18) Ensuring New Acquisitions Include Common Security Configurations
  • OMB 05/22/2007 (M-07-16) Safeguarding and Responding to the Breach of PII
  • OMB 03/22/2007 (M-07-11) Implementation of Commonly Accepted Security Configurations for Windows OS
  • OMB 07/17/2006 (M-06-20) Reporting Instructions for FISMA and Agency Privacy Management
  • OMB 06/23/2006 (M-06-16) Protection of Sensitive Agency Information
  • OMB 05/22/2006 (M-06-15) Safeguarding PII
  • OMB 12/30/2005 (M-06-04) Improving Agency Disclosure Information
  • OMB 08/05/2005 (M-05-24) HSPD-12 Common Identification Standard
  • OMB 06/30/2005 (M-05-16) Regs on Maintaining TeleCom Service During Emergency in Fed-owned Buildings
  • OMB 12/17/2004 (M-05-04) Policies for Federal Agency Public Websites
  • OMB 06/17/2004 (M-04-15) HSPD 7 Critical Infrastructure Protection
  • OMB 12/16/2003 (M-04-04) eAuthentication Guidance for Federal Agencies
  • OMB 09/26/2003 (M-03-22) Guidance for Implementing E-Government Act of 2002 Privacy Provisions
  • OMB 08/06/2003 (M-03-19) Reporting Instructions for FISMA
  • OMB 08/01/2003 (M-03-18) Guidance for E-Gov Act of 2002
  • OMB 10/17/2001 (M-02-01) Guidance for Preparing and Submitting Security Plans of Action and Milestones
  • OMB 02/28/2000 (M-00-07) Incorporating and Funding Security in Information Systems Investments
  • Privacy Act of 1974 (Amended)
  • Security Content Automation Protocol (SCAP)
  • Security Technical Implementation Guides (STIGS)
  • US Government Configuration Baseline
  • US CERT


  • Copyright 2009-2024, FISMA Center | 8115 Maple Lawn Blvd., Suite 350, Fulton, MD, 20759 | Tel: 202-997-0148 | Fax: 855-451-5466 | Legal