FISMA — CISSP Practice Questions

The Federal Information Security Modernization Act (FISMA) is U.S. legislation that requires federal agencies to develop, document, and implement programs to secure their information and information systems. On the CISSP exam, FISMA is relevant to governance, risk, and compliance discussions because it mandates the use of NIST standards and the RMF for all federal information systems. Candidates must understand that FISMA establishes accountability at the agency head level and requires annual reporting to Congress and OMB on security program effectiveness. FISMA knowledge helps candidates reason through authorization-to-operate decisions and the legal drivers behind federal security controls.

Free questions on FISMA

Which framework provides a risk management approach specifically designed for federal information systems?
Free question · medium · full answer + explanation