The FISMA paradigm  

Resources for Federal Information Security Management Act (FISMA)

www.gcn.com

There is no question that the Federal Information Security Management Act has changed the way information technology managers do their jobs. It has changed the way agencies write requests for proposals and set standards for vulnerability and configuration scanning — and it eats up days and weeks in the production of reports.

The question remaining is whether federal IT systems are more secure now.

Rich Kellet, IT security officer at the General Services Administration’s Citizen Services and Communications office, gave a qualified yes. Requirements for monthly vulnerability scans with deadlines for correcting critical problems have resulted in more secure systems. But Kellet described himself as skeptical about the overall requirements for detailed reporting to the Office of Management and Budget.

One of the bright spots in the FISMA paradigm is the guidance produced by the National Institute of Standards and Technology. The 800-series of special publications produced by the NIST Computer Security Division puts flesh on the bare bones of FISMA with guidelines and specifications for meeting compliance requirements.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.