Thursday, July 19, 2007

FIPS-140-3 Draft

FIPS-140-3 has been released. As always, I will review at my leisure and post my review (if I actually get around to it).

Monday, July 9, 2007

Here is an interesting article that doesn't help the case for the Data Breach Act.

Congressional Action

I am not a fan of Norm Coleman, who happens to be a Republican senator from Minnesota. Norm has decided that he wants to amend FISMA. It is called the "Federal Agency Data Breach Protection Act" and, like most legislation, has no teeth. It leaves the implementation to OMB and sets no timeline for public notification of a breach. It is identical to H.R. 2124, which is not unusual, since the same text needs to be passed in both the House and Senate.

So if you are reading this and thinking to yourself, "Oh deary me, now I have to change everything," fret not. First, these bills must become law. Then OMB needs to decide how they are going to implement it. Lastly, you are probably doing all of what it is asking already. The only thing that agencies will really have to worry about is making sure that inventories are controlled and that, when employees or contractors are terminated, the government equipment is returned.

Further, this has been tried before and didn't make it. If you are an outsourced system, you should know that you will be subject to law.