Which legislation mandates federal agencies to implement an information security program?

Prepare for the FITSI Operator Exam with detailed flashcards and multiple choice questions with hints and explanations. Ensure exam success!

The Federal Information Security Management Act (FISMA) is the key piece of legislation that mandates federal agencies to develop, document, and implement an information security program. Enacted in 2002 and updated in 2014 with the Federal Information Security Modernization Act, FISMA emphasizes the importance of a comprehensive approach to information security, requiring agencies to follow the National Institute of Standards and Technology (NIST) guidelines and standards to protect federal information systems.

By establishing a framework for securing government information and information systems, FISMA supports the federal government's overall mission to manage risks associated with the use of information technology. This includes risk assessments, continuous monitoring, and annual security reviews, ensuring that effective security measures are in place. The legislation reflects the commitment to safeguarding sensitive data from potential threats, thereby enhancing the security posture of federal agencies collectively.

The other options, while relevant to federal information management and security, do not specifically focus on mandating the implementation of a security program in the manner that FISMA does.
