U.S. federal law (the Federal Information Security Modernization Act of 2014, which updated the Federal Information Security Management Act of 2002) requiring federal agencies, and contractors that operate systems on their behalf, to develop, document, and implement information security programs to protect government information and systems.
FISMA itself does not spell out insider threat controls; it requires agencies to meet the standards NIST publishes under it, and the NIST SP 800-53 control catalog is where the insider threat requirements live. The relevant controls include an organization-level insider threat program (PM-12), personnel security screening (the PS family), continuous monitoring (CA-7 and SI-4), incident response (the IR family), and security awareness training whose insider threat enhancement covers recognizing and reporting indicators (AT-2). Contractors that operate systems on behalf of a federal agency are held to the same FISMA and SP 800-53 requirements; contractors that handle Controlled Unclassified Information (CUI) on their own systems instead follow NIST SP 800-171, whose requirements are derived from the SP 800-53 moderate baseline and likewise include insider threat awareness training. In both cases the emphasis is on risk-based control selection and continuous monitoring rather than a one-time compliance check.