Regulatory Reference · Public Sector · Federal (US) · high

FISMA / NIST Risk Management Framework — Regulatory Reference

Federal information security risk management — access controls, encryption, and audit logging for AI systems accessing government data.

Key Provisions
  • 44 USC § 3551 — FISMA
  • NIST SP 800-37 — RMF for Information Systems and Organizations
  • NIST SP 800-53 — control catalog
  • Continuous authorization and ongoing assessment
How AutoPIL Enforces It
  • Same AC/AU/IA family mapping as FedRAMP — see public-sector/fedramp.md
  • Agent registry supports RMF Step 6 (continuous monitoring) by surfacing the inventory of AI agents
  • Policy YAML versioning supports RMF Step 5 (authorize) by preserving the policy version in force at authorization time
Policy Engine · Audit Log · Sensitivity Labels · Agent Registry · Key Scoping · Alert Rules
AutoPIL Policy IDs
  • PS-FISMA-S6-001: Continuous Monitoring of AI Agents
  • PS-FISMA-S5-001: Authorization Evidence for AI Systems
Official Sources

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.
