Given the rise of cybercrime over the last few years, few would argue that the federal government is doing enough to address the risks, although the National Institute of Standards and Technology has been trying.
Earlier this year, NIST published Revision 4 of Special Publication 800-53, which aims to raise the security baseline for federal government information systems. This is a huge undertaking, as it applies to more than a million such systems today.
The latest revision gives agencies a more concrete set of controls for approaching Federal Information Security Management Act (FISMA) compliance than they have had previously. However, there is a major difference between being “compliant” and being “secure.”
There are a couple of common fallacies and pitfalls that leave a compliant organization still vulnerable to cybercriminals.