Re: [ISN] New opportunities for NIST

From: InfoSec News (isnat_private)
Date: Wed Dec 04 2002 - 22:54:03 PST

    Forwarded from: matthew patton <pattonmeat_private>
    > Federal security could improve if the secretary should decide to
    > make additional NIST guidance and standards mandatory, but such a
    > decision could also have drawbacks, said Sallie McDonald, assistant
    > commissioner for information assurance and critical infrastructure
    > protection at the General Services Administration. "But you don't
    > get people's cooperation for the right reasons," and involuntary
    > compliance could lead to agencies just checking off another
    > requirement box instead of using the guidelines to improve their
    > security management, she said.

    Sure enough. But considering how bad most federal systems are, isn't
    mandatory compliance with a reasonable set of standards better than
    the tenuous notion that people should improve their security
    management based on said guidelines? If the IGs of the world were
    consistently giving agencies B- or better grades I would have no
    argument. But as I recall, practically everybody is in the D- or F
    category. It's time IMO to start breaking fingers and bashing heads.
    Agencies who have national security impacting systems and who know
    better are playing fast and careless with security. We ought to be
    sacking a lot of people, gov't and contractor alike.

    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 01:35:09 PST