GISRA 2000 required U.S. government agencies to implement an information security program that includes planning, assessment and protection, and was replaced by which act in 2002?

GISRA set a baseline for federal information security by requiring agencies to plan, assess, and protect information systems. In 2002, Congress replaced GISRA with the Federal Information Security Management Act, enacted as part of the E-Government Act. FISMA establishes a formal, risk-based security program across agencies, mandating annual security program development, regular risk assessments, inventory and controls for information systems, continuous monitoring, and annual reporting to the OMB and Congress. This standardized framework superseded GISRA’s requirements and became the ongoing approach to federal information security. The other acts are not the replacement: the Clinger-Cohen Act focuses on IT governance and management, the USA PATRIOT Act centers on national security law, and the E-Government Act is the larger statute that houses FISMA rather than the replacement itself.