This session will review the Federal Information Security Management Act (FISMA) and related requirements for protecting sensitive agency information and information systems; the National Institute of Standards and Technology (NIST) Certification and Accreditation (C&A) process described in NIST Special Publication 800-37, which all federal government agencies are required to follow to ensure that appropriate security controls are implemented and maintained; and the Plan of Actions and Milestones (POA&M) process required to document and manage the remediation of vulnerabilities and weaknesses.