
FISMA from the inside out

Roundtable focuses on the details of improving security

By Brad Grimes, GCN Staff

Back in March, it happened again. The House Government Reform Committee issued its annual security report card per the Federal Information Security Management Act. And for the fifth straight year, the government as a whole earned the kind of mark that might get a school-age kid grounded [GCN.com, Quickfind 583].

But lost in the consternation over feds’ cumulative D+ is the fact that some agencies actually pulled up that average. What are the Agency for International Development, Environmental Protection Agency, Labor Department, Office of Personnel Management and Social Security Administration—all A+ recipients—doing right in securing their systems?

In late April, federal officials convened at GCN’s offices in Washington to discuss the role of FISMA and what agencies need to do to improve their grades.

Around the table were Karen Evans, administrator of e-government and IT for the Office of Management and Budget; Glen Schlarman, OMB’s chief of the information policy and technology branch; Victoria Proctor, a professional staff member for the House Government Reform Committee; Ron Ross, a senior computer scientist and information security researcher at the National Institute of Standards and Technology’s FISMA implementation project; and Phil Heneghan, chief information security officer at AID.

Offering industry’s perspective were Terri Allen, a senior vice president at Cloakware Corp. of Vienna, Va., and Dave Steidle, director of product management at netForensics Inc. of Edison, N.J.

The discussion was wide-ranging, but frequently came back to management issues. In short, participants agreed, for security (and FISMA grades) to improve, business leaders within each agency—not technologists—must understand what’s at stake and drive security efforts.

As Evans put it, “The real motivating factor is not ending up on the front page of the Washington Post.”

Ultimately, there may be better days ahead for FISMA. As Ross pointed out, NIST has only just finished all the guidance mandated by the act.
