Archive for the ‘FISMA’ tag
Federal Regulations Mandates Protection Of Private Sector Data
Here’s some very interesting reading material. I must admit that I was not aware of all the Federal policies to govern and protect IT systems and data in private sector companies. Below you can read the summary of the United States Government Accountability Office GAO-08-1075R.
More important, this document lists some of the penalties and enforcement options that the Feds can use.
Summary of Federal Requirements for Securing Privately Owned IT Systems and Data
Federal policy identifies 18 infrastructure sectors–such as banking and finance, energy, public health and healthcare, and telecommunications–that are critical to the nation’s security, economy, public health, and safety. Because these sectors rely extensively on computerized information systems and electronic data, it is crucial that the security of these systems and data is maintained. Further, because most of these infrastructures are owned by the private sector, it is imperative that public and private entities work together to protect these assets. The federal government uses both voluntary partnerships with private industry and requirements in federal laws, regulations, and mandatory standards to assist in the security of privately owned information technology (IT) systems and data within critical infrastructure sectors. As agreed, our objectives were to (1) identify, for each critical infrastructure sector, the federal laws, regulations, and mandatory standards that pertain to securing that sector’s privately owned IT systems and data and (2) identify enforcement mechanisms for each of the above laws, regulations, and mandatory standards.
Read the rest of this entry »