Information Security News mailing list archives

NASA's new FISMA approach and what it means for you


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 25 May 2010 00:37:26 -0500 (CDT)

http://fcw.com/articles/2010/05/24/web-nasa-fisma-memo.aspx

By Ben Bain
FCW.com
May 24, 2010

This year, NASA officials won't have to go through a traditional 
paper-based process for recertifying existing systems as compliant with 
security requirements, according to a notice from the agency's 
information technology office.

The edict is a significant break with the way agencies typically have 
measured their systems' security and, if other agencies follow NASA's 
lead, it could have governmentwide implications.   

Agencies are required to get their systems certified and accredited 
under the Federal Information Security Management Act. However, critics 
say the paper-based reports that agencies have typically completed to 
meet those requirements amount to costly, time-consuming snapshots of 
security.

Last month the Obama administration announced new standards for agency 
reporting under FISMA as part of an effort to get agencies to shift from 
paper-based reports to real-time monitoring of systems. Citing those new 
instructions, NASA's Deputy Chief Information Officer for IT Security 
Jerry Davis sent a memo May 18 that said the agency will not generally 
require leaders to recertify existing systems with the paper-based 
process. 

[...]

