The Federal Information Security Management Act (FISMA) is a U.S. law enacted in 2002 to enhance the security of federal information systems. It requires federal agencies to develop, document, and implement an information security program to protect sensitive data from unauthorized access and cyber threats. FISMA also mandates regular assessments and reporting on the effectiveness of these security measures. The law emphasizes the importance of continuous monitoring and improvement, ensuring that agencies comply with standards set by the National Institute of Standards and Technology (NIST) to safeguard federal information assets.