What It Is

Federal Information Security Modernization Act (FISMA 2014) is a U.S. federal law establishing a risk-based framework for protecting federal information and systems. It mandates agency-wide information security programs using NIST Risk Management Framework (RMF) with 7 steps: Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor.

Key Components

• NIST SP 800-53 controls tailored by FIPS 199 impact levels (Low/Moderate/High).
• Continuous monitoring via SP 800-137 and CDM tools.
• Oversight by OMB, DHS/CISA, IGs with annual maturity assessments.
• Compliance model includes SSPs, POA&Ms, ATOs, no formal certification but IG evaluations.

Why Organizations Use It

Federal agencies and contractors must comply legally; non-compliance risks funding loss, debarment. Provides risk reduction, resilience, market access for vendors. Builds trust, aligns cybersecurity with missions.

Implementation Overview

Phased RMF approach: governance/inventory, categorize/select controls, implement/assess/authorize, monitor/sustain. Applies to agencies, contractors; suits large enterprises to SMBs via scaling. Requires audits, reporting to OMB/Congress.

What It Is

Basel III is the international prudential regulatory framework issued by the Basel Committee on Banking Supervision (BCBS) post-2007-09 financial crisis. It strengthens bank resilience through enhanced capital quality and quantity, leverage constraints, liquidity standards, and improved risk measurement comparability using a multi-metric, risk-based approach with non-risk-based backstops.

Key Components

• **Three PillarsPillar 1 (capital ratios: CET1 4.5%, Tier 1 6%, Total 8% + buffers; leverage ratio 3%; LCR/NSFR); Pillar 2 (supervisory review/ICAAP); Pillar 3 (disclosures like RWA templates, CDC).
• Revised risk approaches (credit, market, operational SMA), output floor (72.5%).
• Built on Basel II, no formal certification—compliance via national laws.

Why Organizations Use It

• Mandatory for internationally active banks to meet jurisdictional rules, avoid penalties.
• Enhances solvency/liquidity resilience, reduces systemic risk, improves market discipline.
• Drives strategic balance-sheet optimization, stakeholder trust, competitive positioning.

Implementation Overview

• Phased enterprise transformation: governance, data/IT build, model validation, training.
• Applies to large banks globally; involves QIS, parallel runs, supervisory audits. (178 words)