A U.S. federal law enacted as part of the E-Government Act of 2002. The act requires each federal agency to develop, document and implement an agency-wide program to provide information security for the data and data systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source. FISMA requires agency program officials, chief information officers and inspectors general to conduct annual reviews of the agency’s information security program and report the results to Office of Management and Budget. OMB uses this data to assist in its oversight responsibilities and to prepare this annual report to Congress on agency compliance with the act. In FY 2008, federal agencies spent $6.2 billion securing the government’s total information technology investment of approximately $68 billion or about 9.2 percent of the total information technology portfolio.
Link to text of law: Federal Information Security Management Act of 2002