The Federal Information Security Management Act of 2002 (FISMA) directs all federal agencies to adopt specific security controls under a risk management framework determined by NIST. FISMA compliance is audited by the Office of Management and Budget (OMB).
References: