Organizations that obtain contracts or grants from the U.S. Government are required to implement internal IT security programs that meet FISMA requirements and associated ongoing continuous monitoring, risk management and reporting requirements.

SecureIT, a leading provider of cybersecurity services for government agencies, corporations and nonprofit organizations, reports a major trend in federal government contracting regarding information technology security. Aside from issuance of new contracts and grants for increased security requirements, federal government agencies are issuing modifications to existing contract and grant holders to require these organizations to comply with the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Privacy Act, the National Institutes of Standards and Technology (NIST) Risk Management Framework and the Federal Risk and Authorization Management Program (FedRAMP).
http://www.prweb.com/releases/2013/5/prweb10703820.htm