Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium Businesses
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
Report a Cyber Issue
Breadcrumb
  1. Home
  2. Topics
  3. Cyber Threats and Advisories
Share:

Federal Information Security Modernization Act

The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government's cybersecurity practices by:

  • Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems;
  • Amending and clarifying the Office of Management and Budget's (OMB) oversight authority over federal agency information security practices; and by
  • Requiring OMB to amend or revise OMB A-130 to "eliminate inefficient and wasteful reporting."

Overview

FISMA 2014 codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies.

The legislation provides the Department authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination and consistent with OMB policies and practices. It also:

  • Authorizes DHS to provide operational and technical assistance to other federal Executive Branch civilian agencies at the agency’s request;
  • Places the federal information security incident center (a function fulfilled by US-CERT) within DHS by law;
  • Authorizes DHS technology deployments to other agencies' networks (upon those agencies' request);
  • Directs OMB to revise policies regarding notification of individuals affected by federal agency data breaches;
  • Requires agencies to report major information security incidents as well as data breaches to Congress as they occur and annually; and
  • Simplifies existing FISMA reporting to eliminate inefficient or wasteful reporting while adding new reporting requirements for major information security incidents.

The Federal Information Security Modernization Act of 2014 amends the Federal Information Security Management Act of 2002 (FISMA).

FY23 FISMA Documents

FY23 CIO FISMA Metrics

Download File (PDF, 429.98 KB)

FY23-24 IG FISMA Metrics

PUBLICATION
Download File (PDF, 761.36 KB)

FY22 FISMA Documents

Publication

FY22 CIO FISMA Metrics

FY22 IG FISMA Metrics

Publication

FY22 IG FISMA Metrics Evaluation Guide

Publication

FY22 SAOP FISMA Metrics

FY21 FISMA Documents

Nov 19, 2020
Publication

FY21 FISMA Documents

FY20 FISMA Documents

Publication

FY20 FISMA Documents

FY14 - FY19 FISMA Documents

FY19 FISMA Documents

DEC 18, 2018 | PUBLICATION
View Files

FY18 FISMA Documents

NOV 09, 2017 | PUBLICATION
View Files

FY17 FISMA Documents

AUG 21, 2016 | PUBLICATION
View Files

FY16 FISMA Documents

SEP 29, 2015 | PUBLICATION
View Files

FY15 FISMA Documents

NOV 25, 2014 | PUBLICATION
View Files

FY14 FISMA Documents

FEB 19, 2014 | PUBLICATION
View Files
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • The White House
  • USA.gov
  • Website Feedback