A couple weeks ago, NASA announced it was all but done with certification and accreditation (C&A), calling it “cumbersome and expensive.” Many were intrigued by such a statement – not because it was wrong, but because it represented a potentially interesting shift in the status quo, done in a somewhat rebellious manner. NASA instead favors a “risk-based approach” that relies more heavily on continuous monitoring. NASA also cited significant cost savings from cutting back C&A activities.

Seemingly in direct response to this outburst, NIST has now released an update to their continuous monitoring FAQ, specifically pointing out that C&A activities are a necessary component of risk-based management of systems, and highlighting that continuous monitoring alone is insufficient.

One of the true oddities of the NASA statement is that continuous monitoring is only one component of the overall NIST Risk Management Framework (RMF). It’s unclear how they concluded that they could just pick one box out of the overall process and claim it covers everything – especially considering their claim to be seeking a risk-based approach.

Of course, in the end it may not matter at all. The House has passed FISMA reform this past week in its national security spending bill (also see this Information Week article; didn’t we used to call it “Defense appropriations”? anyway…). The bill also calls for the establishment of a “National Office of Cyberspace” to have better authority than Howard Schmidt currently has in his White House cabinet position. Similarly, the Senate is also pushing through reform, including yet another hare-brained attempt to give the federal government broad, sweeping powers over private critical infrastructure in “emergency” situations. This time around, the bill seeks to grant DHS such powers, whereas previous attempts focused on authorizing the President directly. We’ll see what becomes of this, but suffice to say that the move has not gone unnoticed in the security community.