Is your agency failing FISMA?
Is your agency failing to meet its Federal Information Security Management Act (FISMA) requirements? If so, perhaps it's because you feel that FISMA has become nothing more than a "paper drill." Or perhaps you feel that the auditors have become "bounty hunters," getting paid for the number of findings they report. More than likely you or someone in your agency just doesn't see the full value in the entire process because of the complaints. Randy Nash provides an introduction and general overview to the Federal Information Security Management Act (FISMA) and the Certification and Accreditation (C&A) process and examines why many organizations have trouble complying.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.