Penetration Testing mailing list archives
Government Compliance
From: Security Professional <redteamer () gmail com>
Date: Thu, 16 Jun 2005 08:03:01 -0400
Dave, I hear your concerns. I too perform red teaming for the govt. and deal with FISMA all the time. The problem with FISMA is that it is treated as a "check in the box" and not as an important security mandate. People are "aggravated" by it and just do the minimum to be able to check off the box and move on. This is typical in the govt. most places you go. It's just the nature of the beast. But, what your team should be doing is not only the check in the box type tests, but also full-blown pen-tests year round. This needs to be initiated by your immediate supervisor and moved up the chain from him / her. If it is brought directly to the higher ups, they won't understand the need for constant red teaming because they "think" you already have this happening for FISMA requirements.