AOH :: IS1481.HTM

Analysis: FISMA not real security measure




Analysis: FISMA not real security measure
Analysis: FISMA not real security measure



http://www.metimes.com/Security/2008/12/16/analysis_fisma_not_real_security_measure/aab2/ 

By SHAUN WATERMAN 
UPI Homeland and National Security Editor
December 16, 2008

WASHINGTON, Dec. 16 (UPI) -- An audit of information security at the 
Department of Justice says that though the agency got an A-plus rating 
under federal standards, those measure only processes on paper and that, 
in reality, no one knows how secure computers in the department -- and, 
by extension, the rest of the federal government -- are.

The audit, by Justice Department Inspector General Glenn A. Fine, also 
noted that the department "lacks effective methodologies . for 
maintaining an inventory of devices connected to the department's 
various (information technology) networks."

The Federal Information Security Management Act of 2002 says all federal 
departments and agencies must conduct yearly assessments to measure 
their compliance with information security standards in the act.

In May the Justice Department's compliance was rated A-plus by the U.S. 
House Committee on Oversight and Government Reform.

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods