bulletholes

From Nextgov:

The first revision to Special Publication 800-37 — “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life-Cycle Approach” — will help agencies comply with the 2002 Federal Information Security Management Act, which requires them to identify and take inventories of their IT systems and determine the sensitivity of information stored on those systems. FISMA has long been criticized for focusing too heavily on compliance and not enough on monitoring and testing of computer systems for vulnerabilities.

Article Link

(Image used under CC from LordSchrammi's Flickr stream)
