By Ben Bain
May 24, 2010
This year, NASA officials won't have to go through a traditional
paper-based process for recertifying existing systems as compliant with
security requirements, according to a notice from the agency's
information technology office.
The edict is a significant break with the way agencies typically have
measured their systems' security and, if other agencies follow NASA's
lead, it could have governmentwide implications.
Agencies are required to get their systems certified and accredited
under the Federal Information Security Management Act. However, critics
say the paper-based reports that agencies have typically completed to
meet those requirements amount to costly, time-consuming snapshots of
Last month the Obama administration announced new standards for agency
reporting under FISMA as part of an effort to get agencies to shift from
paper-based reports to real-time monitoring of systems. Citing those new
instructions, NASA's Deputy Chief Information Officer for IT Security
Jerry Davis sent a memo May 18 that said the agency will not generally
require leaders to recertify existing systems with the paper-based