Information Security News mailing list archives
Security plan OK'd
From: William Knowles <wk () C4I ORG>
Date: Mon, 11 Dec 2000 14:19:53 -0600
http://www.fcw.com/fcw/articles/2000/1211/news-secur-12-11-00.asp

BY Diane Frank
12/11/2000

The federal CIO Council last week released the final version of an initial framework designed to let agencies determine where improvements are needed in their security programs.

The council's security subcommittee developed the Federal Information Technology Security Assessment Framework to provide agencies with a way to measure their systems' security against a five-level assessment. The framework is based on guidance from the Office of Management and Budget, the National Institute of Standards and Technology and the General Accounting Office.

"As a CIO, it allows me to focus on the asset itself and identify [not only] what I'm doing well that may be repeatable someplace else but also what I need to fix," said Brian Burns, head of the framework working group and deputy chief information officer at the Department of Health and Human Services.

Work on the framework began early this year, and subcommittee chairman John Gilligan intended to give it to Rep. Stephen Horn (R-Calif.) to determine the security grades he issued in September. But Horn used a questionnaire developed by his staff, instead, and the governmentwide result was a D-minus.

Now the CIO Council and OMB are recommending that agencies start using the framework to perform the annual assessments required under the new Government Information Security Reform Act, passed in October as part of the fiscal 2001 Defense Authorization Act.

NIST is developing a companion to the framework, a self-assessment questionnaire to be released early in 2001.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
