February 26th, 2009 by Editor
The Obama administration has been floating rumors of a Federal CTO for a while, and the president has stated that cyber-security is a matter of national security. Now there’s talk of the Consensus Audit Guidelines (CAG), a new approach to federal IT security that was introduced for public review and comment on February 23. CAG, a set of 20 security controls proposed by several federal agencies including DoD, defines security audits that encourage automated defensive mechanisms, including an automated inventory of authorized and unauthorized hardware and software, to assess network security. Sounds like a perfect fit for EM7 to me!
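The inventory control mentioned above boils down to one recurring check: reconcile what is actually observed on the network or on a host against an authorized baseline, and flag anything that appears on only one side. The following is an added example, not code from the original post or from the CAG documents, showing that reconciliation for both hardware (keyed by MAC address) and installed software (keyed by package name and version). The lease lines, package list, baselines, MAC addresses and version strings are all constructed sample data; the lease format imitates the style of a DHCP server lease file but the parser here is an assumption, not a reference implementation.

```python
"""Reconcile observed hardware and software against an authorized baseline.

Added example: the first CAG control asks for an automated inventory of
authorized and unauthorized assets. The generic step is a set difference
between "observed" and "authorized"; the parsers just feed it.
"""
from dataclasses import dataclass
import re

# Constructed DHCP-style lease lines (sample data, not a real network).
DHCP_LEASES = """\
lease 10.0.5.21 { hardware ethernet 00:1a:2b:3c:4d:01; client-hostname "ws-finance-01"; }
lease 10.0.5.22 { hardware ethernet 00:1a:2b:3c:4d:02; client-hostname "ws-finance-02"; }
lease 10.0.5.77 { hardware ethernet de:ad:be:ef:00:77; client-hostname "android-9f3a"; }
"""

# Constructed hardware baseline: MAC -> expected hostname.
AUTHORIZED_HARDWARE = {
    "00:1a:2b:3c:4d:01": "ws-finance-01",
    "00:1a:2b:3c:4d:02": "ws-finance-02",
    "00:1a:2b:3c:4d:03": "ws-finance-03",  # authorized but not currently on the wire
}

# Constructed package list from one host, "name version" per line.
INSTALLED_PACKAGES = """\
openssh-server 1.0-1
apache2 2.0-3
nc 1.1-9
"""

# Constructed software baseline: (name, version) pairs approved for this host role.
AUTHORIZED_SOFTWARE = {("openssh-server", "1.0-1"), ("apache2", "2.0-3")}

# Assumed lease syntax: "hardware ethernet <mac>; client-hostname "<name>";"
LEASE_RE = re.compile(r'hardware ethernet ([0-9a-f:]{17});\s+client-hostname "([^"]+)"')


def parse_leases(text):
    """Return {mac: hostname} for every lease line matching LEASE_RE."""
    return {m.group(1).lower(): m.group(2) for m in LEASE_RE.finditer(text)}


def parse_packages(text):
    """Return a set of (name, version) tuples from a two-column package list."""
    packages = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            packages.add((parts[0], parts[1]))
    return packages


@dataclass(frozen=True)
class Reconciliation:
    unauthorized: frozenset  # observed but not on the baseline: investigate / quarantine
    missing: frozenset       # on the baseline but not observed: offline asset or stale record
    confirmed: frozenset     # observed and authorized


def reconcile(observed, authorized):
    """Generic inventory check: set differences between observed and authorized keys.

    Works for any hashable key (MAC address, (name, version) tuple, serial number).
    A dict passed as `observed` or `authorized` contributes its keys.
    """
    obs, auth = frozenset(observed), frozenset(authorized)
    return Reconciliation(unauthorized=obs - auth, missing=auth - obs, confirmed=obs & auth)


def hardware_report():
    """Reconcile the constructed lease file against the hardware baseline."""
    return reconcile(parse_leases(DHCP_LEASES), AUTHORIZED_HARDWARE)


def software_report():
    """Reconcile the constructed package list against the software baseline."""
    return reconcile(parse_packages(INSTALLED_PACKAGES), AUTHORIZED_SOFTWARE)


if __name__ == "__main__":
    for label, report in (("hardware", hardware_report()), ("software", software_report())):
        print(f"[{label}] unauthorized: {sorted(map(str, report.unauthorized))}")
        print(f"[{label}] missing:      {sorted(map(str, report.missing))}")
        print(f"[{label}] confirmed:    {len(report.confirmed)} item(s)")
```

The `missing` set matters as much as `unauthorized`: a baseline entry that never shows up is either an asset that has gone offline or a record nobody cleaned up, and either way the inventory is no longer telling the truth. In practice the observed side would come from DHCP logs, switch MAC tables or an agent, and the baseline from an asset database; the reconciliation step itself does not change.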
The CAG leverages the efforts of the private sector and government to identify and address the 20 biggest cyber holes that can be closed to prevent or lessen the consequences of cyber-attacks. It includes security control activities that CIOs, information security officers and inspectors general can employ to evaluate the security of information systems.
If approved and implemented, CAG could replace FISMA. Critics continue to question the value of the FISMA report card. John Gilligan, former Air Force CIO and head of the consultancy Gilligan Group, who is heading the CAG initiative, has said, “The federal government FISMA legislation that federal agencies comply with has only proven to be partially successful.” Listen to his interview regarding CAG.
The public review and comment period for this draft runs through March 23, 2009; pilots will then be conducted in several federal agencies to test and compare the CAG for value and cost against the practices currently in use. Read about the six-pronged approach to moving the CAG toward broad adoption.