Is your agency failing FISMA?
Is your agency failing to meet its Federal Information Security Management Act (FISMA) requirements? If so, perhaps it's because you feel that FISMA has become nothing more than a "paper drill." Or perhaps you feel that the auditors have become "bounty hunters," getting paid for the number of findings they report. More than likely you or someone in your agency just doesn't see the full value in the entire process because of the complaints. Randy Nash provides an introduction and general overview to the Federal Information Security Management Act (FISMA) and the Certification and Accreditation (C&A) process and examines why many organizations have trouble complying.
[ Read more ]