Information:

Synopsis

Interview with National Science Foundation CIO George Strawn

It's not too often you find an IT leader praising FISMA, but National Science Foundation CIO George Strawn says his agency has made great strides in securing IT by following Office of Management and Budget guidance on the Federal Information Security and Management Act.

"We've had A's and A-pluses for the last two or three years from the congressional grading of the results from FISMA," Strawn says in an interview with Information Security Media Group's GovInfoSecurity.com.

"Does it work? If you think that FISMA means certify and accredit of all of your information systems, you can make it a paper process that is nothing but bureaucratic, and really doesn't improve the security for much.

"I suppose we spent little more on C&A process than they were worth, but since we take security seriously and have a multi-dimensional security process, overall we're pretty satisfied with the requirements that have come down from OMB-land to us. Some of them m