Thursday, July 31, 2008


GAO released a draft of a new FISCAM. From the cursory look I have taken, it is a guide for the GAO auditor. Another thing is that they took the time to cross-reference to the 800-53. But as I said, I have only taken a cursory review.

Hopefully, I will get to it within the next week. No guarantees. Have a good weekend.

1 comment:

rybolov said...

Hi Chris

This falls in line with what GAO has been saying for years: that they don't have a good set of auditing criteria.

The security dweeb in me thinks that them not having audit criteria is a good thing because then they reduce information security management even more to a checklist. Blech.