US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

Federal Information Security Modernization Act (FISMA)

The Federal Information Security Modernization Act (FISMA) of 2014 updates the Federal Government's cybersecurity practices by:

  • Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security Federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems; 
  • Amending and clarifying the Office of Management and Budget's (OMB) oversight authority over federal agency information security practices; and by
  • Requiring OMB to amend or revise OMB A-130 to "eliminate inefficient and wasteful reporting."


FISMA 2014 codifies the Department of Homeland’s Security’s role in administering the implementation of information security policies for Federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing the policies.

The legislation provides the Department authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination and consistent with OMB policies and practices. It also:

  • Authorizes DHS to provide operational and technical assistance to other Federal Executive Branch civilian agencies at the agency’s request;
  • Places the federal information security incident center (a function fulfilled by US-CERT) within DHS by law;
  • Authorizes DHS technology deployments to other agencies' networks (upon those agencies' request);
  • Directs OMB to revise policies regarding notification of individuals affected by federal agency data breaches;
  • Requires agencies to report major information security incidents as well as data breaches to Congress, as they occur and annually and
  • Simplifies existing FISMA reporting to eliminate inefficient or wasteful reporting, while adding new reporting requirements for major information security incidents.

FY16 FISMA Documents

FY15 FISMA Documents

FY14 FISMA Documents

Last Published Date: November 9, 2015

Was this page helpful?

Back to Top