Hello. I am currently doing an analysis of your report and I have several questions.
1. What do you consider to be the most significant change to FISMA that is proposed?
2. Do you expect new Industrial Control System (ICS) regulations to be based on NIST 800-82?
3. There have been many efforts on the procurement front to ensure the security of software that the government purchases including NIAP, Common Criteria Certification and SCAP. This is discussed in the report What regulations are needed to consolidate this into a common stable process for vendors?
4. Does the document propose merging the military and civilian security standards (that seems to be implied) such as FDDC and the DISA-STIGs?
5. What role do you expect existing security/compliance organizations, such as ISSA, ISACA and particularly Infragard, with the three new public-private organizations that the report proposed to create?
6. The SCAP process has worked on a common format for reporting compliance of federal systems. Should this become the overall government standard and should it be mandated for private compliance as well?
7. The report made a strong point that information security must be a global effort (which is part of the reason to remove most of that responsibility from the Department of Homeland Security). What role should organizations like ISO play in this effort?
Slashdot Mirror
I used this quite a bit in the old days. http://www.micheleandreoli.it/mulinux/
Hello. I am currently doing an analysis of your report and I have several questions.
1. What do you consider to be the most significant change to FISMA that is proposed?
2. Do you expect new Industrial Control System (ICS) regulations to be based on NIST 800-82?
3. There have been many efforts on the procurement front to ensure the security of software that the government purchases including NIAP, Common Criteria Certification and SCAP. This is discussed in the report What regulations are needed to consolidate this into a common stable process for vendors?
4. Does the document propose merging the military and civilian security standards (that seems to be implied) such as FDDC and the DISA-STIGs?
5. What role do you expect existing security/compliance organizations, such as ISSA, ISACA and particularly Infragard, with the three new public-private organizations that the report proposed to create?
6. The SCAP process has worked on a common format for reporting compliance of federal systems. Should this become the overall government standard and should it be mandated for private compliance as well?
7. The report made a strong point that information security must be a global effort (which is part of the reason to remove most of that responsibility from the Department of Homeland Security). What role should organizations like ISO play in this effort?
Thanks.