An article I wrote in CongressDaily on March 11 previewing a Senate Homeland Security and Governmental Affairs Federal Financial Management Subcommittee hearing about the Federal Information Security Management Act struck a nerve over at the National Institute of Standards and Technology -- big time.
In the story, Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research group, blamed NIST for some of FISMA's failings. He said NIST's guidelines are too broad and he claimed that "the people at NIST, if they ever ran IT systems, it's been decades."
Since the piece was written on a tight deadline, I was unable to reach out to get a reaction from NIST at the time, so Ron Ross, leader of NIST's FISMA implementation project, offered up some thoughts on Monday (per my suggestion). So, here goes...
The NIST team includes plenty of private- and public-sector expertise in developing and testing IT products and systems and in conducting simulated attacks on networks, he wrote. Team members also work closely with those who run NIST's own IT systems "to get feedback on the practicality of proposed safeguards and countermeasures."
"To complement this broad base of technical and management expertise, NIST employs a comprehensive public review process on every FISMA standard and guideline. In most cases, the FISMA security publications go through three full public vetting cycles," Ross wrote, noting that NIST also seeks input from security and IT professionals nationwide.
His bottom line: "The process employed by NIST to develop FISMA standards and guidelines does work. FISMA security publications are widely accepted and appreciated by federal IT managers and security professionals, and are in fact frequently adopted on a voluntary basis by many organizations in the private sector."