Feds Slowly Improving In Computer Security
David Utter Staff Writer
2008-07-01
Federal Information Security Management Act (FISMA) requirements pile on the paperwork for agencies, but the demands of the Act have made a positive impact on computer security.
Security gains by federal agencies have shut off numerous existing vulnerabilities, thanks to FISMA's demand for regular monthly scans for problems. Security pros working in government hope the paperwork burden gets fixed when Congress looks at FISMA again.
Government Computer News said the paperwork requirements make those pros blanch. One such pro, GSA Citizen Services and Communications IT security officer Rich Kellet, said the reporting takes up nearly four weeks out of the year to prepare.
The demands of FISMA also extend to government suppliers. Agencies seeking services or systems need to ensure that what suppliers deliver meets government standards, specifically the SP 800-53 requirements for security.
No SP 800-53 compliance means no FISMA compliance, something security pros in government want to avoid. Paperwork demands are heavy enough now, and there is no need to make the situation more demanding by failing to involve vendors in the process of ensuring compliance.
Readers may be interested in SP 800-37, a 69-page document titled "Guide for the Security Certification and Accreditation of Federal Information Systems." Kellet called it a must-read, and its sections on continuous monitoring deserve a look from anyone in need of codifying a policy on overseeing important electronic assets.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.