Information Security News mailing list archives
Analysis: FISMA not real security measure
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Dec 2008 00:15:15 -0600 (CST)
http://www.metimes.com/Security/2008/12/16/analysis_fisma_not_real_security_measure/aab2/ By SHAUN WATERMAN UPI Homeland and National Security Editor December 16, 2008 WASHINGTON, Dec. 16 (UPI) -- An audit of information security at the Department of Justice says that though the agency got an A-plus rating under federal standards, those measure only processes on paper and that, in reality, no one knows how secure computers in the department -- and, by extension, the rest of the federal government -- are. The audit, by Justice Department Inspector General Glenn A. Fine, also noted that the department "lacks effective methodologies . for maintaining an inventory of devices connected to the department's various (information technology) networks." The Federal Information Security Management Act of 2002 says all federal departments and agencies must conduct yearly assessments to measure their compliance with information security standards in the act. In May the Justice Department's compliance was rated A-plus by the U.S. House Committee on Oversight and Government Reform. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.html
Current thread:
- Analysis: FISMA not real security measure InfoSec News (Dec 16)