"We found that NASA did not comply with FISMA requirements for the reporting of national security systems for FYs 2007 and 2008 because NASA had not clearly assigned this responsibility to a specific NASA office. Further, NASA had not formally designated an entity with appropriate resources to complete the annual independent evaluations of its national security systems required by FISMA. We notified the Agency about this issue in February 2009, and NASA immediately assigned the responsibility to the Office of the Chief Information Officer (OCIO). In response to our draft report, NASA assigned the Office of Protective Services (OPS) to work with the OCIO to gather and compile the required information to report to OMB and stated that a formal agreement with an independent entity was being developed. We consider management's proposed actions to be responsive and will close the related recommendation after verifying that the Agency has established a formal agreement with an entity with the appropriate resources to conduct the annual independent evaluation of NASA's national security systems."



Nothing in my life has made me lose respect for "metrics" quicker than the FISMA C&A reporting stuff. I'm not going to dispute that proper documentation and accountability are critical for IT security - but right now we're:
* Gathering metrics verbatim from broken patch management tools with false positives and insisting that we live by those results
* Assigning favored vendors with virtually no operational experience the task of "auditing" our compliance
* Providing HQ and OMB level visibility into every single documentation task, no matter how small a system or problem
* Holding individual sysadmins responsible for "POAM Items" that live at Headquarters and demanding documentation of when they'll be remediating HQ's mistakes.
The list could go on a while!
There's a lot more that goes into properly securing computer systems than headquarters demanding that you boil it all down into whether you're "Red, Yellow or Green" this month and it's very frustrating to have the "metrics" take center stage over actual security.