What FISMA Is And Why You Should Care About It

At Lifeline Data Centers, compliance is not only a priority, it’s an operational necessity. We believe it is a crucial piece of protecting, managing and organizing your data, and we work to maintain a fully compliant data center every single day.

With compliance come many different regulations and standards that must be followed in order to be a compliant data center. The Federal Information Security Management Act, or FISMA for short, is one of the key regulations for federal data security standards and guidelines. It was established in 2003 with the goal of providing standardized regulations for information and data security, which would ultimately lead to higher data protection standards across the data center industry.

FISMA looks at three things:

  • Adequacy of the security: Lifeline is assessed weekly by external auditors on whether or not the security measures we have in place are sufficient for federal data and assets (and always passes with flying colors).
  • Enforcement of the security: It is not enough to simply implement these security measures; data centers need to prove to external auditors that their security measures are functional and actively effective in real time.
  • Compliance: Provisions for the management of each government agency’s physical and information security are set, and each agency must be accountable for compliance and reporting on these provisions (unless you are the IRS).

In other words, FISMA was created to protect federal data and information from any and all threats, and to keep risks at or below acceptable levels in a cost-effective, timely and efficient manner. The National Institute of Standards and Technology has outlined a list of steps that data centers need to take in order to be compliant with FISMA, all of which Lifeline Data Centers currently follows. FISMA risk assessment and security standards and methodologies are being increasingly adopted and embraced by the private sector because of their highly objective, procedural, and prescriptive approach to assessing risk, determining appropriate security postures, and enforcing those postures.

While FISMA is nationally recognized, the reality is that only a third of data centers in the United States are FISMA compliant. As the data center industry continues to grow and scale based on need, it is imperative that these regulations are enforced and implemented in order to protect your data. While this regulation specifically focuses on federal information, assets and data, these regulations ultimately lead to higher standards across the data center industry for all types of data.

At Lifeline Data Centers, we consistently educate ourselves on FISMA, along with other data center compliance regulations. We are working towards the highest level of compliance for our customers with FISMA requirements, which is called the “Authority to Operate.” Authority to Operate (ATO) is presented by the federal government after a Certification Agency (CA) certifies that the security and infrastructure implementation in question has passed all requirements to be compliant and operational. This must be renewed every three years.

Lifeline Data Centers is considered compliant with FISMA and maintains a current SSAE16 SOC2 Type 2 Audit Report. We also have a full list of certifications. For more information on Lifeline Data Centers and FISMA, check out some of our articles:

Rich Banta

Managing Member at Lifeline Data Centers
Rich is responsible for Compliance and Certifications, Data Center Operations, Information Technology, and Client Concierge Services. Rich has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. Rich is a former CTO of a major health care system. Rich is hands-on every day in the data centers. He also holds many certifications, including:

  • CISA – Certified Information Systems Auditor
  • CRISC – Certified in Risk & Information Systems Management
  • CDCE – Certified Data Center Expert
  • CDCDP – Certified Data Center Design Professional