Submitting FISMA Reports to GAO
About FISMA
The Federal Information Security Modernization Act of 2014 (FISMA) provides a cybersecurity framework to help protect federal operations and assets.
FISMA requires agencies to develop, document, and implement an agency-wide program to secure federal information systems and data. These information security programs are to provide risk-based protections for the information and information systems that support the operations and assets of the agency.
Annual Reporting Requirement
FISMA also requires federal agency Inspectors General, or a designated external auditor, to annually assess the effectiveness of the information security policies, procedures, and practices of their parent agency. In addition, the act requires agencies to report annually to GAO, among others, on the adequacy and effectiveness of their information security policies, procedures, and practices.
How to Submit
Agencies can submit their annual FISMA reports to GAO by:
- emailing FISMA@gao.gov
- mailing a physical copy to:
Government Accountability Office
C/O: Jennifer Franks, Information Technology & Cybersecurity Team
441 G Street, NW
Washington, D.C. 20226
Questions? Need more information?
Contact FISMA@gao.gov.