‘FISMA’ Archives
The Widening Gap Between FISMA and Reality
We all know that FISMA is better than nothing, and we should know that it was a decent attempt (at the time) by legislators at implementing IT Security within the Federal Government. But the fact is, FISMA is too weak and too slow to be effective in the world of IT Security as it exists in the year 2010. IT security controls cannot go unchecked [...]
What Does Continuous Monitoring Mean to You?
The revamped suite of NIST documents (SP 800-53 r3, 800-37 r1, 800-39, etc.) is bringing a slightly stronger definition of continuous monitoring into play. The new definition is far better than the previous vague descriptions of the concept (which is "at least annually"). Currently in the Federal space, continuous monitoring is interpreted to [...]
Required Encryption of all Federal Data
Considering the number of incidents of leaks of Federal data, and the fact that there are entities actively attempting to steal sensitive data, I feel as if it is time for the Government to encrypt all of its data: every hard disk, thumb drive, email, backup medium, etc. Encryption should become the rule instead of the exception. I find it [...]
