The Federal Information Security Management Act (FISMA) was passed by Congress and signed into law by the President as part of the E-Government Act of 2002 (Pub. L. No. 107-347). The goals of FISMA include development of a comprehensive framework to protect the government’s information, operations, and assets. Providing adequate security for the Federal government’s investment in information technology (IT) is a significant undertaking. In fiscal year 2007, the Federal agencies spent $5.9 billion securing the government’s total IT investment of approximately $65 billion for the fiscal year 2007 enacted level, equating to approximately 9.2 percent of the total IT portfolio. Funds spent on IT security are used for cross-cutting and system-specific security activities including certification and accreditation (C&A) of systems, testing of controls, and user awareness training.