Federal Information System Controls Audit Manual

The Federal Information System Controls Audit Manual (FISCAM) presents a methodology for auditing information system controls in federal and other governmental entities. This methodology is in accordance with professional standards.  

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 


As computer technology has advanced, federal agencies and other government entities have become dependent on computerized information systems to carry out their operations. To help ensure the proper operation of these systems, FISCAM provides auditors with specific guidance for evaluating the confidentiality, integrity, and availability of information systems consistent with

FISCAM is also consistent with National Institute of Standards and Technology's (NIST) guidelines for complying with the Federal Information Security Modernization Act of 2014 (FISMA). This law requires federal agencies to develop, document, and implement agency-wide programs to ensure information security. NIST Special Publication 800-53 provides recommended security controls for federal information systems and organizations, and appendix 3 of FISCAM provides a crosswalk  to those controls.

How to Access FISCAM

You may download the entire FISCAM in PDF format. You may also download appendixes 1-3 as a zipped Word document to enter data to support the gathering and analysis of audit evidence.

Related Standards and Guidance

Yellow Book Icon

Government Auditing Standards, also known as the Yellow Book, provide a framework for conducting high quality audits with competence, integrity, objectivity, and independence.

Blue Book Icon

The Financial Audit Manual presents a methodology to perform financial statement audits of federal entities in accordance with professional standards.

Green Book Icon

Standards for Internal Control in the Federal Government, known as the Green Book, sets standards for federal agencies on the policies and procedures they employ to ensure effective resource use in fulfilling their mission, goals, objectives, and strategic plan.

For technical or practice questions regarding the Federal Information System Controls Audit Manual, please e-mail FISCAM@gao.gov.