write-a-response-in-5-6-lines

The relationship between NIST and FISMA

As new trends come in the information technology sector, different measures have been put in place as a way of enhancing security and reducing vulnerability to data and information loss. Introduction of FISMA and NIST are some of these strategies. The two have a clear relationship. FISMA (Federal Information Security Management Act) was enacted in the year 2002. It requires every federal agency to develop, document as well as implement strategies and programs aimed at improving cyber-security (Barrett et al., 2017). NIST (National Institute of Standards and Technology), on the other hand, has a role and responsibility of developing information security standards and guidelines. These help in categorizing types of information with an intention of providing a proper guideline that will play an essential role in protecting these types of information.

NIST has also an important responsibility in reviewing as well as vetting the FISMA security standards. The review ensures that all the FISMA provisions are technically correct and that they can be effectively implemented by the federal agencies (Hulitt & Vaughn, 2010). The review process includes different activities such as getting feedback from the public and private sector that will be directly affected by the rules, internal own review by NIST, and reaching the cyber-security professionals for proper directions.

As mentioned earlier, both NIST and FISMA are important in promoting cyber-security in organizations as the use of computer systems in operations become intense. However, FISMA deals with the Federal institutions and the information systems utilized by these institutions. It offers a detailed set of procedures that public institutions need to follow to the latter in protecting their infrastructure. FISMA sometimes also applies to public contractors in the events they deal with federal systems such as the provision of the cloud-based program that helps in the operation of different online activities. NIST, on the other hand, concentrates on the internal systems of divisions of defense contractors.

All institutions are expected to be guided by regulations provided in NIST and FISMA depending on the category of the organization. Organizations unable to meet these standards may end up suffering from a data breach that may negatively affect their daily operations. Both NIST and FISMA are made up of qualified experts who understand all the federal requirements to improve data maintenance and make security procedures clear to individuals (Barrett et al., 2017). They are therefore important in improving and maintaining the security of computer systems for the proper functionality of online activities and safeguarding data and information in organizations.

It is, therefore, evident that there is a clear relationship between the NIST and FISMA. Both of them work in improving the security of computer systems. For the approval of different rules in FISMA, a review and vetting process has to be undertaken by NIST. However, it should be understood that NIST and FISMA are different in various aspect as much as both have greatly contributed to improvement in computer security in organizations. Organizations should understand the two and ensure that they implement the security rules as provided as a way of enhancing the security and protection of data and information.