The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program. 

FISMA is part of the larger E-Government Act of 2002 introduced to improve the management of electronic government services and processes.

FISMA is one of the most important regulations for federal data security standards and guidelines. It was introduced to reduce the security risk to federal information and data while managing federal spending on information security. To achieve these aims, FISMA established a set of guidelines and security standards that federal agencies have to meet. The scope of FISMA has since increased to include state agencies administering federal programs like Medicare. FISMA requirements also apply to any private businesses that are involved in a contractual relationship with the government. These publications include FIPS 199, FIPS 200, and the NIST 800 series.

​