What are federal information security officers worried about? Shoddy software, wireless network security, and compliance with the Federal Information Security Management Act (FISMA). That is what federal chief information security officers told Intelligent Decisions, an IT consulting firm, for its second annual survey of CISOs. Software developers have dropped the ball on quality assurance, CISOs think, and their software is causing headaches around network compromise, patch management and FISMA compliance.
"Federal CISOs have spoken loud and clear that it is well past the time for private industry to get serious about software quality," said Intelligent Decisions' president, Harry Martin, in a press release.
CISOs identified growth in wireless networks and mobile devices as the number one trend over the next year. Although CISOs named unauthorized wireless deployments, unauthorized access points, and unauthorized WiFi devices as key security concerns, most (54%) of the agencies that use wireless networks have not implemented the key wireless security controls recommended by the National Institute of Standards and Technology in SP 800-48.
This finding suggests that the absence of clear, mandatory controls has led to a FISMA disconnect on wireless security, with many federal agencies failing to ensure that proper controls were in place before rolling out wireless networks. To address the scattered implementation of these four basic controls, NIST plans to release revised wireless security guidelines for comment in September. These revised guidelines will form the basis for a new mandatory Federal Information Processing Standard (FIPS). Once issued, the new FIPS will mandate adoption of these basic controls, among other standards, which will have a major impact on an agency's IT investment and FISMA compliance obligations.
The full report is available here.