http://fcw.com/articles/2010/05/24/web-nasa-fisma-memo.aspx By Ben Bain FCW.com May 24, 2010 This year, NASA officials won't have to go through a traditional paper-based process for recertifying existing systems as compliant with security requirements, according to a notice from the agency's information technology office. The edict is a significant break with the way agencies typically have measured their systems' security and, if other agencies follow NASA's lead, it could have governmentwide implications. Agencies are required to get their systems certified and accredited under the Federal Information Security Management Act. However, critics say the paper-based reports that agencies have typically completed to meet those requirements amount to costly, time-consuming, snap-shots of security. Last month the Obama administration announced new standards for agency reporting under FISMA as part of an effort to get agencies to shift from paper-based reports to real-time monitoring of systems. Citing those new instructions, NASA's Deputy Chief Information Officer for IT Security Jerry Davis sent a memo May 18 that said the agency will not generally require leaders to recertify existing systems with the paper-based process. [...] _______________________________________________ Best Selling Security Books and More! Shop InfoSec News http://www.shopinfosecnews.org/Received on Mon May 24 2010 - 22:37:26 PDT
This archive was generated by hypermail 2.2.0 : Mon May 24 2010 - 22:47:33 PDT