Which statement best describes the significance of the Federal Information Security Modernization Act of 2014 (FISMA)?

• A. It introduces private sector encryption standards.
• B. It defines risk management for state agencies.
• C. It mandates federal agencies to secure information and information systems, with NIST guidelines.
• D. It outlines authentication methods for personal devices.

Answer: (C)

FISMA 2014 is about making sure federal agencies protect their information and information systems and do so using the standards and guidelines developed by NIST. The law strengthens the obligation for agencies to manage security risk through formal programs, ongoing monitoring, and regular assessments, all aligned with NIST guidelines such as the security controls and the risk management framework. That combination—mandatory protection of information/assets plus reliance on NIST standards—best captures the act’s purpose.

This isn’t about private sector encryption standards, nor does it extend to defining risk management for state governments, and it doesn’t specifically lay out authentication methods for personal devices. The emphasis is on federal agencies securing information systems using NIST as the baseline.