General Security Standards

In the Federal government, the principal law governing the security of information systems is the Federal Information Security Management Act (FISMA). For more information on FISMA, check out the FISMA Ready introduction, a community project co-managed by 18F. Cloud.gov and the 18F Infrastructure team have done most of the heavy lifting with regards to FISMA, but it is still important to understand the context into which we ship.

Most of the security practices have been integrated into the ATO portion of this guide. Here are a few pointers to get you started: