Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is United States legislation signed in 2002 to underline the importance of information security to the economic and national security interests of the United States. FISMA requires federal agencies to develop, document, and implement an information security program to safeguard their information systems, including those provided or managed by another agency, contractor, or other third party.

Who must be FISMA compliant?

All government agencies, government contractors, and organizations that exchange data directly with government systems must be FISMA compliant. This may include such diverse entities as data clearinghouses, state government departments, and government military subcontractors in cases where data is exchanged directly with Federal government systems.

Who is responsible for FISMA compliance?

Agency program officials, chief information officers, chief information security officers, senior agency officials for privacy, and inspectors general.

What are the FISMA Data Destruction requirements?

“Policies and procedures play an important role in the effective implementation of enterprise-wide information security programs within the federal government and the success of the resulting security measures employed to protect federal information and information systems. Thus, organizations must develop and promulgate formal, documented policies and procedures governing the minimum security requirements set forth in this standard and must ensure their effective implementation.”

Media Protection (MP): Organizations must: (i) protect information system media, both paper and digital; (ii) limit access to information on information system media to authorized users; and (iii) sanitize or destroy information system media before disposal or release for reuse.

What are the consequences of non-compliance?

FISMA holds federal agencies and government contractors accountable for securing government information. Failure to pass a FISMA inspection can result in:

  • Significant administrative sanctions

  • Unfavorable publicity

  • Reduction of IT budget

How can e-End keep government contractors in compliance?

e-End can assure your organization that all data on the computers, copiers, printers and other devices in your office is destroyed and cannot be recovered by any means.

In addition to being NAID AAA Certified for sanitizing data on all electronic and non-paper media (including hard drives, flash drives and cell phones), we also adhere to NSA and NIST 800-88R1 guidelines for data destruction to ensure you’ll remain compliant with the FISMA rules.

After our services have been completed, you’ll be issued a Certificate of Certified Data Sanitization and Certificate of Recycling for your records.

If the data to be destroyed cannot leave your facility for security reasons, we can perform all data sanitization services onsite at your office or facility with no disruption.

Contact us today to learn more about how we can keep you compliant with FISMA and other regulations.

Computer Recycling Drop Off Location:

Monday – Friday: 9AM-4PM
Saturday – Sunday: Closed

7118 Geoffrey Way Unit E
Frederick, MD 21704
Phone: (240) 529-1010