GTA has adopted the security requirements created by the Federal Information Security Management Act (FISMA) of 2002 and the FISMA Implementation Project conducted by NIST. GTA's policies and standards were developed in accordance with FISMA, and OIS conducts program reviews to help agencies identify and remediate deficiencies. These reviews are based on federal guidance from Program Review for Information Security Management Assistance (PRISMA). The reviews are focused on the agency's security management and operational processes based on requirements established by statewide security policies, the Federal Information Security Management Act (FISMA), and the National Institute of Standards and Technology (NIST) Computer Security Division.
The ultimate goal of these reviews is to assist agencies in:
- Building robust information security and risk management programs
- Preparing for future reporting and audit requirements
- Responding to audit or assessment findings