Yale University & FISMA (Federal Information Security Management Act) Requirements


The Federal Information Security Management Act of 2002 (44 U.S.C. § 3541) is a United States federal law enacted as Title III of the E-Government Act of 2002 (P.L. 107-347, 116 Stat. 2899). FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. As part of research and patient care the University’s has contracts with federal agencies that require compliance with this Act.

Download Resources