The Federal Information Security Management Act of 2002 (FISMA), as amended by the Federal Information Security Modernization Act of 2014, is a United States federal law that requires every federal agency to develop, document, and implement an information security program covering the systems of the agency, its bureaus and departments, and the systems operated on the agency's behalf by supporting entities such as vendors and subcontractors.
Vendors and subcontractors that provide or operate information systems for an agency must demonstrate that those systems meet the agency's FISMA requirements, which the agency flows down through its contracts. In practice this means working directly with each agency to obtain an authority to operate (ATO) under the NIST Risk Management Framework: the system is categorized as low, moderate, or high impact under FIPS 199, the minimum security requirements of FIPS 200 apply, and the matching baseline of controls from NIST SP 800-53 Revision 4 is selected, implemented, and assessed before the agency's authorizing official signs the ATO. Note that NIST withdrew SP 800-53 Revision 4 in September 2021 and Revision 5 is the current catalog, so confirm which revision the agency's authorization package requires. The ATO is not a one-time event: FISMA requires agencies to review and report on their security programs annually, so contractor systems are reassessed on at least an annual basis and remain under continuous monitoring for as long as they operate.