GAO released a draft of a new FISCAM. From the cursory look I have taken, it is a guide for the GAO auditor. Another thing is that they took the time to cross reference to the 800-53. But as I said, I have only taken a cursory review.
http://www.gao.gov/new.items/d081029g.pdf?source=ra
Hopefully, I will get to it within the next week. No guarantees, have a good weekend.
http://www.gao.gov/new.items/d081029g.pdf?source=ra
Hopefully, I will get to it within the next week. No guarantees, have a good weekend.
1 comment:
Hi Chris
This falls inline with what GAO has been saying for years: that they don't have a good set of auditing criteria.
The security dweeb in me thinks that them not having audit criteria is a good thing because then they reduce information security management even more to a checklist. Blech.
Post a Comment