
The University of Sydney

Federal Information Security Management Act (FISMA)

– FISMA was passed in late 2002 as a requisite of the Department of Homeland Security
– Security programs are required
  • A structure for detecting and reporting incidents
  • A business continuity plan
  • Defined and published security policies and procedures
  • A risk assessment plan
– At regular intervals, an agency has to report its compliance with the requirements mandated by the law
– IT executives are held accountable for the management of a security policy
– Support from the National Institute of Standards and Technology (NIST)
– Categorization of Federal Information and Information Systems