Of course, aside from auditing your systems and "finding" problems, you'd also have to make sure the vendor that you pick will provide "solutions" (as many have stated above).
One good benchmark to base their work off is Orange Book certification for your systems. If they (auditor) don't know what this is, I'd stay away from them like the plague. Especially if you're trying to get in good graces with government agencies.
If it's good enough for the Pentagon, I'd guess it'd be a good reference for others. Though for a system to be truly "Orange" I think it needs to be unplugged from the network or something. :)
As a developer that already (roughly) conforms to standards enough to create a decent user experience, personally I could care less about what browser what company uses... if we're on the topic of AOL conforming to standards, I'd much rather see them fix their "evil proxies" and "email" issues than trying to appease the open source community or trying to save a buck by avoiding msoft licensing fees.