ABSTRACT
Probably the most signi˜cant aspect of FISMA since its enactment has been its requirement for periodic reporting. e requirements for reporting and the manner in which FISMA reporting has been implemented have elevated the visibility of government information security management activities, heightened the awareness of senior agency o™cials, and stirred signi˜cant controversy.
