LogBlog


GAO says that not complying with FISMA can mean 'high risk'

The US Government Accountability Office (GAO) has unveiled its 2007 "High Risk" List, and government systems security tops the list. The complete report points out that government agencies have largely failed to comply with the Federal Information Security Management Act (FISMA) requirements to create and implement information security programs. The report says that "the Department of Homeland Security (DHS) and the National Cyber Security Division have not met key cybersecurity responsibilities" to secure systems in government agencies and across information systems that share data with the government.

The goal of the report is to recommend:

Lasting solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the public, strengthen confidence and trust in the performance and accountability of the U.S. government, and ensure the ability of government to deliver on its promises.

Protecting information assets is a requirement for US Government agencies, and for businesses that interact with government information, too. When next generation log management and intelligence is coupled with the FISMA security standard, enterprises can move from reactively responding to security breaches to designating continuous compliance as a strategy. They can also get aligned with controls and regulations that not only protect information assets but automatically adhere to required standards developed by NIST, including: FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems), NIST 800-59 (Guideline for Identifying an Information System as a National Security System) and NIST 800-60 (Guide for Mapping Types of Information and Information Systems to Security Categories).

In late September NIST published the final version of the "Guide to Computer Security Log Management." LogLogic's security veteran Anton Chuvakin participated in the review process. One area that Anton hoped would open up a bit was the elimination of the wall between security uses of logs and other IT uses, such as troubleshooting and other IT management issues that rely on logs.

Log management is becoming increasingly important to IT and is now helping government agencies, as one of our customers discussed at length with SANS in a What Works Case Study in December.

You can learn more about FISMA in this Government Computer News webcast interview we sponsored last month with Dr. Ron Ross of NIST. Ross went through the FISMA guidelines, cleared up misconceptions about FISMA compliance, and made recommendations for sound strategies to get compliant with FISMA in short order.

A PDF download of the GAO's complete 2007 "High Risk" List is available here.

Posted February 03, 2007
