FISMA stands for the Federal Information Security Management Act. It is the US legislation defining the comprehensive framework for the protection of governmental information, operations, and assets. The framework will protect the data against natural or man-made threats.

Under the FISMA legislation, various agencies are responsible for ensuring the security of data in the federal government. Individuals like the program officials and agency heads will be required to perform annual reviews of the information security programs. The aim is to reduce the risk of security breaches and keep it below the specified level. The responsibility also requires adhering to cost-effective methods that work in a timely fashion and efficient manner. The National Institute of Standards and Technology (NIST) has outlined 9 steps that ensure compliance with the FISMA.

GBLA is the Gramm-Leach-Bliley Act. Also known as the Financial Modernization Act of 1999, this US federal law requires the financial institutions to state how they share and protect the private information of their customers. The communication allows the customers to opt-out of the company’s services if they don’t wish to share their private information with third parties. The company is also supposed to protect the customer’s data under the written information security plan developed by them.

Known as the Sarbanes-Oxley Act, the SOX compliance standard indicated that the publically held companies must have internal controls and procedures for financial reporting. This reduces the risk of corporate fraud. There are no specific controls mentioned within the scope of SOX but indicated towards the COBIT framework in order to ensure high standards of IT governance.

The RIS Group can be your IT GRC partner to ensure you meet the above compliance standards. With our services, you can have the peace of mind not only for your next compliance audit but effective cybersecurity and risk management.