Eight years later it looks like FISMA (Federal Information Security Management Act) might get some teeth! Is this the work of the new CISSP in chief? The CIO of the Federal government said, “Significant issues have hindered the federal government’s effectiveness in cybersecurity,” citing a “culture of compliance” as a main factor leading to a lack of any solidarity between government agencies and the public sector.
The key to this update, called H.R.4900 – Federal Information Security Amendments Act of 2010, is that it uses REAL TIME monitoring rather than an audit, which shows compliance only at a point in time. Prepping for an audit-based certification encourages exactly that: the push to be ready for that one point in time. Monitoring-based certification pushes the enterprise or entity to constantly update its security posture.