Federal Information System Controls Audit Manual

Jump To:


The Federal Information System Controls Audit Manual (FISCAM) presents a methodology for auditing information system controls in federal and other governmental entities. This methodology is in accordance with professional standards.  

View the 2009 FISCAM


As computer technology has advanced, federal agencies and other government entities have become dependent on computerized information systems to carry out their operations. To help ensure the proper operation of these systems, FISCAM provides auditors with specific guidance for evaluating the confidentiality, integrity, and availability of information systems consistent with

FISCAM is also consistent with National Institute of Standards and Technology's (NIST) guidelines for complying with the Federal Information Security Modernization Act of 2014 (FISMA). This law requires federal agencies to develop, document, and implement agency-wide programs to ensure information security. NIST Special Publication 800-53 provides recommended security controls for federal information systems and organizations, and appendix 3 of FISCAM provides a crosswalk  to those controls.

How to Access FISCAM

You may download the entire FISCAM in PDF format. You may also download appendixes 1-3 as a zipped Word document to enter data to support the gathering and analysis of audit evidence.


GAO Contacts

For technical or practice questions regarding the Federal Information System Controls Audit Manual, please e-mail FISCAM@gao.gov.