  FISMA Implementation Project

Protecting the Nation's Critical Information Infrastructure
 

Frequently Asked Questions
_____________________________

  • Is the Federal Information Security Management Act (FISMA) mentioned in the Federal Acquisition Regulations?
  • Yes. The FAR contains a strong reference to FISMA. The FAR is available at http://www.acquisition.gov/far. On page 7.1-2, FAR Section 7.103 states:

    "Agency-head responsibilities---
    The agency head or a designee shall prescribe procedures for ensuring that agency planners on information technology acquisitions comply with the information technology security requirements in the Federal Information Security Management Act (44 U.S.C. 3544), OMB’s implementing policies including Appendix III of OMB Circular A-130, and guidance and standards from the Department of Commerce’s National Institute of Standards and Technology."

    Therefore, the FAR points to FISMA, OMB Circular A-130, and the security standards and guidance developed by the National Institute of Standards and Technology at the Department of Commerce. The NIST security standards and guidance can be found on the Computer Security Division web site at http://csrc.nist.rip with specific information on the FISMA Implementation Project at http://csrc.nist.rip/sec-cert.

     

 

Last updated: December 29, 2006
Page created: December 29, 2006

Comments and suggestions should go to: sec-cert@nist.gov
NIST is an Agency of the U.S. Commerce Department's
Technology Administration