Forwarded from: Richard Forno <rfornoat_private>

> http://www.fcw.com/fcw/articles/2002/0520/web-cyber-05-21-02.asp
>
> By Diane Frank
> May 21, 2002

> The standards would be "a baseline minimum security configuration
> for specific computer hardware or software components, an
> operational procedure or practice, or organizational structure that
> increases the security of the information technology assets of a
> department or agency," according to the amendment.

I find it hysterical - and sad - that such a common-sense 'baseline'
of what is essentially a crack at 'best practices requirements' for
federal systems was an 'amendment' to a piece of legislation and not
an original component. Sort of like an afterthought. These Hill folks
*still* don't get it.

> Working through the National Science Foundation and the National
> Institute of Standards and Technology, the bill would inject more
> than $900 million into security research, grants, training and
> education during five years. Such investment is something educators
> and researchers have often called for in recent years.

Yep, more LONG-TERM projects. What about the HERE and NOW problems we
already know about?

> However, the committee had no intention to set technology-specific
> standards that could stand in the way of innovation or new
> technologies, according to one staff member who asked not to be
> named.

Good - PKI and smart-cards - while popular and oft-hyped solutions -
are essentially snake-oil in most of the large deployments I've seen,
doing little to really, truly, increase the level of effective
security.

However, they could've said something about not using certain
operating systems and applications until certified truly secure and
stable than they currently are. :) Not surprising they didn't, though.

rick
infowarrior.org

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 06:47:11 PDT