FISMA Security Documentation

Passed in 2002, the Federal Information Systems Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. The National Institutes of Health (NIH) enforces compliance with FISMA by documenting and reporting federal contractors' information security programs and systems. All contracts from NIH (and other Federal agencies) awarded to Partners' hospitals and investigators include this requirement.

The Partners Research Computing Core provides fee-for-service consultants who write and maintain the necessary FISMA reports for Partners-affiliated government contracts. The federal contract lists the specific reporting requirements.

Recent blog post

RISO highlights "A cybersecurity primer for translational research" by Eric D. Perakslis and Martin Stanley

FISMA Getting Started

If you have a contract or grant with FISMA requirements, visit the Research Navigator for Partners Research Management policies and procedures.

Engaging the Core prior to contract approval allows for the timely completion of the FISMA requirements. These reports will take the full 30 days to complete from the engagement date. The IT SC&A requires an additional 60 days.