CompTIA and the Federal Information Security Act (FISMA)

FISMA was developed by the United States National Institute of Standards and Technology (NIST) and passed in December of 2002. It is designed to ensure that government agencies follow secure standards and “security controls” to keep data and systems secure. The intent of the act is to have all government agencies, as well as private companies, develop, document and follow specific security procedures. All organizations that wish to demonstrate compliance must undergo an extensive risk assessment audit based on a list of procedures provided by NIST. These include the following:

  1. Categorizing information created and used by the organization so it can be better protected.
  2. Selecting minimum baseline controls.
  3. Changing and refining controls using a risk assessment procedure.
  4. Documenting the controls in the system security plan.
  5. Implementing security controls in appropriate information systems.
  6. Assessing the effectiveness of the security controls once they have been implemented.
  7. Determining the risk level of events to an agency or company.
  8. Establishing processes for securing information systems.
  9. Monitoring implemented security controls on a continuous basis.

Government entities and companies alike have worked to become FISMA-compliant. CompTIA certifications are based on industry standards and best practices. Individuals who have passed our certifications are uniquely prepared to help organizations conform to FISMA standards and pass audits. This is because CompTIA-certified individuals have a deep understanding of the processes and technologies necessary to keep companies secure.