FISMA, or the Federal Information Security Management Act, is a U.S. federal law passed in 2002. It seeks to establish guidelines and cybersecurity standards for government tech infrastructure. The law was modified in 2014 to put more emphasis on continual monitoring. The rules are really about assessing the security of individual systems, rather than companies or agencies as a whole. The federal government has been working to rationalize its sprawling, fragmented IT infrastructure by moving much of it to the cloud in 2011.”]