Letter: FISMA standards lack clarity, waste time

Regarding "Fountain: FISMA's fifth birthday," FISMA is one of the biggest boondoggles and waste of time, money and effort I've seen in a long time. Granted, it does give people and companies like the author's an opportunity (and reason) to exist and make some decent money at government expense, but most of it is just plain old common sense. 

The bad thing is the interpretation of FISMA. A lot of the "standards" that [the National Institute of Standards and Technology] issues make perfect sense in a mainframe environment, but many others have no real bearing on the PC environment without further clarification. Some agencies take everything NIST says as pure gospel, so things like (paraphrased) "all changes to the base configuration of the machine will be requested, tested, and documented before being placed in production" are taken to mean if the user changes their screen saver, these steps need to be
taken, etc.

Garbage like this has wasted so much of my time these last few years that, compounded across government, it has to easily be within the tens or hundreds of millions of dollars. There simply has to be a better, more efficient way of accomplishing common-sense standards than with
poorly worded and poorly explained "standards" that computer illiterate lawmakers pass into law.


What do you think? Paste a comment in the box below (registration required), or send your comment to letters@fcw.com (subject line: Blog comment) and we'll post it.

The Fed 100

Nominations for the 2016 Federal 100 Awards are now being accepted. 


Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group