Depending on who you talk to, the Federal Information Security Management Act (FISMA) is either the greatest thing in the world or a government bureaucratic mess. Is FISMA coming soon to a state or local government near you? Isn’t the first word “Federal?”

A few things are clear:

1) FISMA compliance has posed significant challenges for federal agencies. Hundreds of articles have been written about FISMA compliance and the infamous report cards, where eight agencies, including the departments of Defense, State and Homeland Security, received failing F grades, and another five agencies received grades between D+ and D-. Seven agencies, including the Department of Labor and the Social Security Administration, received grades of A- or better.

2) State and local governments receive a large percentage of their IT dollars from the feds. In Michigan, approximately 60% of our IT budget comes from the federal government. Some states get more, some less, but the dollars are huge.

3) There has been no formal OMB decision (that I am aware of) on whether state agencies must comply with FISMA security requirements for systems that receive federal information or dollars.

4) While state and local governments can separate out federal from non-federal systems as far as compliance goes, it’s very difficult when systems are so interconnected. Many of the compliance directives deal with networks and even such areas as privacy on websites. Most locals are trying to move away from stovepipes for efficiency reasons.

5) Federal auditors are showing up in the states now. They are often interpreting FISMA guidance as proof that state systems that are acting as custodians of federal information and/or receiving federal dollars must comply. Questions arise around how fully...

6) I suspect that this will be tested formally by some state or local government at some point and viewed as an unfunded mandate.

In the meantime, I’d advise state and local IT professionals to at least start reading up on FISMA. You can also start to get that security wording into new contracts where you are custodians of federal data and receive federal dollars.

Bottom line, stay tuned. This show is just beginning – and I expect multiple episodes.

I also value your comments. What’s your viewpoint?