Cybersecurity band aid? New CAG audit guidelines don’t replace FISMA

Post author:Kelli Tarala
Post published:February 25, 2009
Post category:Audit

This week we heard about CAG, the Consensus Audit Guidelines, and people have been asking us how this relates to FISMA and NIST. The CAG is not meant to be a comprehensive information security fix. This list of twenty control objectives is prioritized based on the results of the Commision on Cyber Security for the 44th Presidency and address the known high-priority attacks. This is not a comprehensive list of controls that for auditors and other information security professionals. This is a cybersecurity band aid for the time being.

The National Institute of Standards and Technology (NIST), on the other hand, has developed an extensive and powerful library of standards. These standards are for not only complying with Federal IT security requirements, but standardizing and improving security program as a whole. We included many of the same control elements addressed in the CAG initiative,” said Ron Ross, senior computer scientist at NIST. “Security managers need to take a holistic approach to a challenging set of problems,” he said. “The controls work as an interlocking set.”

To Learn More:

NIST Computer Security Resource Center:
http://csrc.nist.gov/

“Consensus Audit Guidelines no substitute for FISMA guidance” by William Jackson”
http://gcn.com/Articles/2009/02/24/CAG-no-substitute-for-FISMA.aspx?Page=1

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Please Share This Share this content

You Might Also Like

Behavioral Experts to Audit Super Bowl Revelers

Looking for IT Compliance Institute (ITCi) Resources?

Twitter Tips for Info Sec Twerps

Share this content