Which Act requires all government agencies to have a plan in place in the event of a cyberattack?

The Federal Information Security Management Act (FISMA) is the correct answer because it mandates that federal agencies develop, document, and implement an information security program. This includes a requirement for each agency to have a plan in place for dealing with security incidents, including cyberattacks. FISMA emphasizes the need for a structured approach to manage risks and safeguard sensitive information, making it essential for agencies to prepare adequately for potential cyber incidents.

In contrast, the other acts do not specifically impose such requirements for planning in the case of a cyberattack. The Federal Cybersecurity Act focuses more on enhancing cybersecurity measures and fostering collaboration without a direct requirement for agencies to have a specific plan in place. The Cybersecurity Information Sharing Act encourages sharing information about cybersecurity threats among private and public sectors but does not mandate that agencies have an incident response plan. The Digital Privacy Act, while addressing privacy concerns, does not pertain to the requirements for cybersecurity planning within government agencies.