Wednesday, May 21, 2008

FISMA 2007 Scores

The great annual exercise of control-compliant security, the US Federal government 2007 FISMA report card, has been published. Since I've been reporting on this farce since 2003, I don't see a reason to stop doing so now.

If you're the sort of sports fan who judges the success of your American football team by the height of the players, their 40-yard dash time, their undergraduate school, and other input metrics, you'll love this report card. If you've got any shred of sanity you'll realize only the scoreboard matters, but unfortunately we don't have a report card on that.

Thanks to Brian Krebs for blogging this news item.

3 comments:

Anonymous said...

Can't we stop the madness? Couldn't a Director or someone just...not participate? I envision a performance review: "You ran your dept really well, but I'm gonna have to ding you for not wasting money and time assessing your security to the exclusion of improving it. Overall, Exceeds Expectations. "

Just a pipe dream

gunnar said...

there is a girl in elementary school. the teacher asks 'if there are ten sheep in a pen and the door opens and one goes out - how many are left?'

the girl says none

the teacher says wrong you don't know anything about math

the girl says no you don't know anything about sheep

Anonymous said...

I've been undergoing the FISMA compliance/interrogation for four (4) months now. Today I was asked for about the 100th time how my users access the web server. I'm convinced all the people doing the audit have spent the last couple of years in Guantanamo.

My response for the 100th time:
My users access the system using a web browser.