Passed in 2002, The Federal Information Systems Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. The National Institutes of Health (NIH) enforces compliance with FISMA by documenting and reporting federal contractors' information security programs and systems. All NIH contracts (and other Federal agencies) awarded to Partners' hospitals and investigators include this requirement.
The Partners Research Computing Core provides fee-for-service consultants who write and maintain the necessary FISMA reports for Partners affiliated government contracts. The federal contract lists the specific reporting requirements.