The focus of FISMA is for the evaluation of the effectiveness of system security practices systems each government agencies uses.  FISMA leverages the NIST 800 series of categories and measures as the main metric.  

ReadyCert supports FISMA reporting by organizing individual requirements for NIST 800-60 and 800-53, linked to supporting artifacts. ReadyCert uses a scorecard approach for FIPS199 impact assessment and risk management.

https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002

‍

‍