NIST announces FISMA Phase II

The National Institute of Standards and Technology is drafting a set of qualifications that agencies and contractors must meet before they can assess the security of federal information systems. The Federal Information Security Management Act of 2002 requires annual security assessments.

Establishing qualifications for those who conduct security assessments marks a new phase in the implementation of FISMA, NIST officials said this week. In the first phase, NIST was preoccupied with creating information security standards and guidelines for federal agencies. In the next phase, NIST’s technical managers will try to create a set of minimum qualifications and procedural standards for anyone who conducts FISMA security assessments. The purpose is to ensure that federal agencies receive consistent and competent assessments.

NIST expects to publish those qualifications in draft form in late June.

“They’re getting into uncharted territory,” said Lynn McNulty, director of government affairs at the International Information Systems Security Certification Consortium. “They’re getting involved with a credentialing program that involves something other than software and hardware modules.”

NIST held a public workshop April 26 to solicit ideas about how to create a pool of service providers qualified to provide security assessments using FISMA standards and guidelines.

