Does the Federal Information Security Management Act outline the security requirements for classified systems only?
No - FISMA is not restricted to classified systems; it applies to ALL federal computer systems. FISMA is Title III of the E-Government Act of 2002 (Pub.L. 107-347). 44 U.S.C. Chapter 35, Subchapter III, § 3541 (1) states that FISMA is supposed to:

"provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;"

FISMA does call for special efforts to be made to secure classified systems, but the mandate to create and use standards that will secure computer systems commensurate with the value of the data they contain applies to all federal computer systems, whether it be DoD, CIA, FBI, IRS, or Department of Commerce.

The actual standards are contained in other documents. For example, the DoD requirements are contained in documents like DoDI 8500.2 and DCID 6/3, while the requirements for most non-DoD systems are contained in NIST publications, including FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents are being developed, including NIST Special Publications 800-37, 800-39, and 800-53A.