Quick Study

By Brian Robinson

Blog archive

NIST guidelines: Broccoli and cheese

For government agencies, complying with new security guidelines from the National Institute of Science and Technology can be the equivalent of eating broccoli: It’s good for you, but that doesn’t mean you enjoy it. With recent announcements, however, there’s a heaping of tasty melted cheese included in the form of potentially saving big bucks.

In a GovInfoSecurity.com interview, NIST’s Federal Information Security Management Act project leader, Ron Ross, shows how agencies can team with other agencies -- or candidly piggyback on their work -- to hack away at the time and effort needed to qualify IT products and services for purchase.

That’s a part of NIST Special Publication 800-37, a guide for agencies to apply risk management techniques to harmonizing IT certification and accreditation across the government. That was just one of a number of announcements NIST made about security issues in late February.

Ross said there are now three distinct types of IT authorizing approaches agencies can use, starting with the traditional single authorization where an agency official does all the work to authorize each system. Now there is also a joint authorization, where multiple authorizing officials can work together to authorize something like a service that many agencies will be using.

And then there is something called a leveraged authorization, where agencies can use the documentation and evidence that other agencies have created as the basis for their own risk decision.

Ross said there has been a change in the culture over the past few years that has required these kinds of changes, together with technological innovations such as cloud computing, that require a more collaborative environment. Civilian, military and intelligence agencies are much more inclined to cooperate and share on these kinds of things.

That all makes sense, but I guess we’ll have to see how this rolls out in practice. Kumbaya has not proven to be a very practical philosophy in the past.

And, by the way, in case people feel like complaining, the lead was inspired by George H.W. Bush. I. actually. like broccoli.

Posted by Brian Robinson on Mar 15, 2010 at 12:19 PM


Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.