The Social Effect of FISMA
Carter Hendrick
Old Dominion University School of Cybersecurity
CYSE 425W: Cyber Strategy and Policy
Teresa Duvall
11/17/2024
FISMA is a policy mostly related to government, so its societal impact beyond that is not easy to see. However, it does assist with the protection of government information that would be dangerous if American enemies stole it. Therefore, FISMA’s social effect is the protection it provides to the people by keeping the American government organized, which is important for good cyber defense, response speed, and recovery.
How Does FISMA Impact Society?
FISMA is a government-oriented policy, which means that its effect is mostly reserved for government agencies and affiliated companies. FISMA focuses on building habits of strong cybersecurity and physical security that keep information safe within the government. FISMA has many different regulations to do this, such as risk assessment, security plans, and incident response plans (Pope). These have different positive effects on the cybersecurity structure of the American government, mainly improving security but also the way issues are handled. With a risk framework and security plan in place, it will be easy to defend information when there are attacks; should any data leak, there will also be a streamlined method to recover and secure the information lost (Porter). The general mentality behind these improvements is streamlining all processes to keep as much security as possible while having a better response time to emergencies.
What Are the Negative Impacts of FISMA?
While FISMA is a great tool, there are certain negative effects, as well as specific punishments for those unwilling to comply with the FISMA framework. As seen on the Cybersecurity and Infrastructure Security Agency’s website, there are public reports from both 2023 and 2024. Further observation shows that the documents are very in depth, especially the CIO metrics (CISA). All this paperwork costs time and money, both to review an agency's FISMA compliance and to process it. The recently passed modernization act has helped reduce some of the paperwork required; however, there is still a lot to sort through. This could cause hiccups in the process and slow response times for catching risks that are noncompliant with the FISMA structure. When an agency refuses to comply with the FISMA framework, there are many penalties that can be detrimental to leaders’ positions or to the entire agency itself. These punishments range from moderate fines to loss of government funding (Porter). If an agency or contractor were the direct cause of a data breach, there is also a possibility of remediation costs for the potential damages done by the data leak.
Conclusion
While FISMA generally keeps the public safe, its obvious effects are found at the government level, and it has had both positive and negative effects. Overall, it is a great improvement and shows that America is putting in effort to become a fortress, both physically and in cyberspace, that no one can oppose. Seeing the improvements made and the constant monitoring of security should put citizens at ease, knowing that even if American cyber defense is not currently the best it could be, it is still much better than it was before.
Works Cited:
- CISA. (n.d.). Federal Information Security Modernization Act. Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act
- Pope, L. (2022, January 10). What is FISMA compliance and who does it impact? G2 Track. https://track.g2.com/resources/fisma-compliance
- Porter, A. (2024, September 19). FISMA Compliance made simple: A comprehensive guide. BigID. https://bigid.com/blog/fisma-compliance/