What is FISMA?

The Federal Information Security Management Act (FISMA) is a framework designed to protect the United States government against cybersecurity attacks and natural disasters that put sensitive data at risk.


U.S. federal agencies chose SailPoint to help protect their digital identities


increase in cyber incidents at federal agencies since 2016 1

Who must comply with FISMA?

  • All U.S. federal government agencies
  • State agencies administering federal programs such as unemployment insurance, student loans, Medicare and Medicaid
  • Any private sector company doing contracted work for the U.S. government

What are the key FISMA areas identity governance addresses?

Access controls
Govern who has access to what, who should have access and how that access is used.

Audit and accountability
Produce audit trails and enable periodic reviews of access rights to enhance audit performance and adhere to regulatory mandates.

Identification and authentication
Integrate SailPoint’s identity governance with various single sign-on and multi-factor authentication solutions.

Risk assessment
Continually assess risk levels by classifying sensitive data stored in applications and files, automating access reviews to identify inappropriate access and using AI to monitor and identify unusual access.

What if your organization doesn’t comply?

There is a range of potential penalties including censure by Congress, reduction in federal funding and reputational damage.


Case study

Sallie Mae simplified access certification and improved oversight into identity data


How identity governance helps ensure FISMA compliance

With SailPoint’s comprehensive intelligent identity governance solution, you can secure sensitive and classified data by assessing risk levels, enforcing access policies, monitoring access behavior and demonstrating compliance with FISMA requirements. We also help you maintain FISMA compliance by automating key processes to free up your IT team.



How does our open cloud identity governance platform help your business?

We make it possible for you to see and control access to all apps and data for all users, including non-human ones like bots.