In Praise of FISMA

Published: July 14, 2009, 12:19 p.m.

Interview with National Science Foundation CIO George Strawn

It's not too often you find an IT leader praising FISMA, but National Science Foundation CIO George Strawn says his agency has made great strides in securing IT by following Office of Management and Budget guidance on the Federal Information Security Management Act.

"We've had A's and A-pluses for the last two or three years from the congressional grading of the results from FISMA," Strawn says in an interview with Information Security Media Group's GovInfoSecurity.com. "Does it work? If you think that FISMA means certify and accredit all of your information systems, you can make it a paper process that is nothing but bureaucratic, and really doesn't improve the security much.

"I suppose we spent a little more on C&A processes than they were worth, but since we take security seriously and have a multi-dimensional security process, overall we're pretty satisfied with the requirements that have come down from OMB-land to us. Some of them may be a little bit onerous, and others we think may not be quite worth the cost, but if you integrate over the whole process, they've done a pretty good job of telling us what to do and we've done a pretty good job of doing it, and I think we're much more secure because of that partnership."

In the interview, Strawn also points out that because of its relatively small size - its annual budget is about $6 billion - NSF assigns many of its operational IT staffers cybersecurity responsibilities.

Strawn was interviewed by Eric Chabrow, managing editor of GovInfoSecurity.com.