IBM Cloud® compliance: FISMA
Illustration showing a person interacting with a computer interface, around which are a security shield and a small government building
What is FISMA?

The Federal Information Security Management Act of 2002 (FISMA) was created to ensure the security of data within the federal government. It defines requirements for the information security of federal agencies as well as independent, third-party contractors who handle government data.

In order to be FISMA-compliant, an organization must conduct annual reviews of information security programs to minimize risks with improved speed, cost-effectiveness and efficiency. FISMA compliance is achieved by a cloud service provider (CSP) through the FedRAMP Authorization process.

IBM position

IBM Cloud for Government is FISMA Impact-Level-High-compliant. IBM Service Descriptions (SD) indicate if a given offering maintains FISMA compliance status. Services below are assessed each year. 

In addition to US government certifications and standards, IBM Cloud for Government data centers adhere to global, industry and regional compliance programs.

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs