Telstarjohn, I wonder where Wave fits into FISMA, NIST, and the E-Government Act of 2002?
FISMA (44 U.S.C. § 3541, et seq.) is a US Federal law enacted in 2002 as Title III of the E-Government Act of 2002. FISMA requires each Federal agency to develop, document, and implement an agency-wide information security program.
All new applications must undergo a full Certification and Accreditation (C&A), including an initial review to ensure compliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems. In conjunction with C&A, an agency will perform a self-assessment using the guidance found in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems.
Title II of the E-Government Act of 2002, Section 208, requires a Privacy Impact Assessment (PIA) prior to developing or procuring IT systems that collect, maintain, or disseminate Information in Identifiable Form (IIF). All systems shall have a current PIA to ensure compliance with the Privacy Act of 1974 and other IT privacy requirements.
AsISeeIt