FISMA
- The Federal Information Security Modernization Act of 2014 (FISMA) amends the earlier Federal Information Security Management Act of 2002 and "explicitly emphasizes a risk-based policy for cost-effective security."[1]
- FISMA applies to "Federal agencies, contractors, or other sources that provide information security for the information and information systems... [in support of] the agency."[2]
- In short, FISMA requires federal agencies to protect:
  - Information gathered or maintained by or on behalf of the agency
  - Information systems used or operated by anyone remotely associated with a federal agency
Sources
NIST Risk Management Framework | CSRC