Assessing the Factors that Determine Compliance with the Federal Information Security Management Act (FISMA)

Carlos A Thomas, Pace University


Although Federal agencies have made progress in their FISMA compliance efforts, most agencies continue to report deficiencies that could impact the confidentiality, integrity and availability of agency information and information systems. Federal agencies are required to submit numerous metrics (also referred to as measures), defined by the Department of Homeland Security and Office of Management and Budget, related to FISMA compliance. The purpose of this dissertation was to assess factors that determine FISMA compliance from the perspectives of agency Inspectors General and Congress. Most of the previous work performed in this area has been performed by Federal agencies and contractors working on behalf of agencies (e.g. GAO, IGs, Independent Public Accounting Firms, etc.). The majority of Federal reports produced by these entities related to the subject matter tend to all have the same observations: • Overall, Federal agencies have made progress in implementing FISMA requirements; however, there’s still room for improvement • FISMA reporting and compliance requirements and measures are still evolving • Historically, FISMA measures have not provided true insight into agency information security program effectiveness This research expands on these observations, drawing insights from Institutional Theory literature, to identify specific factors that affect FISMA compliance.

Subject Area

Computer science

Recommended Citation

Thomas, Carlos A, "Assessing the Factors that Determine Compliance with the Federal Information Security Management Act (FISMA)" (2012). ETD Collection for Pace University. AAI3504745.



Remote User: Click Here to Login (must have Pace University remote login ID and password. Once logged in, click on the View More link above)