Comments on "How is that Assurance Evidence?: More Commentary from the Unknowing"
Blog author: Chris (http://www.blogger.com/profile/03271557297047783414)
Comment feed last updated 2023-07-27T10:50:16-04:00. Four comments, listed in the order they were posted.

Thurman (https://www.blogger.com/profile/05882862121523348422), 2008-08-08 16:12 -04:00

I lived FISMA as a Federal CISO. The problem with FISMA -- and the reason it's being replaced with new legislation this year -- is that the idiots in OMB who couldn't spell security if you gave them the first seven letters decided that measures of performance instead of measures of effectiveness would be sufficient. Thus, if you run 100% of your agency's workforce through security awareness training in a year, you get a green in that category. But measuring the quality, content or effectiveness of that training is never done. And that's only one example of the flawed process.

No ifs, ands or buts, the Federal computing enterprise is owned by foreign, hostile intelligence services, and FISMA has done almost nothing to prevent it. You can argue that FISMA has squandered precious resources for silly scorecards and actually prevented resources from being spent on real security.

Chris (https://www.blogger.com/profile/03271557297047783414), 2008-08-08 16:34 -04:00

So what hope do we have if the same people are in charge at OMB?

They can misinterpret the intent just as well with the new legislation.

DanPhilpott (https://www.blogger.com/profile/05604476378903988024), 2008-08-11 12:25 -04:00

That article was the most biased and inaccurate bit of dross ever penned on the topic of FISMA. The opening and closing statements in the article were given to a marketing guy for a company that competes for Federal security dollars with FISMA compliance. It states FDCC is a USAF program. It says FISMA is heading towards DoD compliance while skipping over the fact that DITSCAP was ditched in favor of the more FISMA guidance-like DIACAP (and that further developments are heading toward a combined standard based on NIST's FISMA guidance).

What really gets my goat is that when I commented on it at the SC Magazine site the comments just disappeared. Nice.

Karen Evans is supposed to be leaving OMB after the transition so there should be some changes there. I wouldn't blame OMB too much; they also pushed the TIC and FDCC initiatives, which are very good operational security initiatives, if overzealous in their implementation.

Therese (http://thesteammop.info/), 2013-09-09 02:02 -04:00

This is great!