FISMA, is the Federal Information Security Management Act. This statute was passed in 2002 in order to ensure that government agencies would follow certain steps in order to keep the government's information secure. The law was amended in 2014 in order to address a rise in cyber attacks. NIST has established official guidelines for the implementation of the program. A framework was adopted calling for these measures:

1. Preparation to manage security risks.

2. Categorization of stored information.

3. The selection of baseline controls.

4. The implementation of these controls.

5. Assess whether or not the controls were keeping information secure.

6. Authorize the system to operate based on the level of risk involved.

7. Monitor the controls on an ongoing basis.