You can keep on asking...

Summary: But you have to ask the right questions. Two senators have sent a letter to 24 US agencies asking them to report on their progress in data protection.

But you have to ask the right questions. Two senators have sent a letter to 24 US agencies asking them to report on their progress in data protection. This article at Federal Computer Week highlights the woeful state of security compliance at most US agencies.

This is great. There can be no change without someone asking these types of questions. But what worries me is that adopting policies such as NIST 800-53 is only the very first step towards becoming secure. GAO, and the other agencies that are attempting to address the sorry state of security within the US fed, should move on to requiring more proactive steps. Things like:

Every firewall will be set up to deny by default.

Every firewall will explicitly block high level ports.

Telnet, FTP, and TFTP may not be used unsecured.

Administrative access is to be granted via strong authentication only.

These mandates would be a start. After getting over the firestorm of objections, the GAO could start to work on configuration management and universal strong authentication.
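One way to check a Linux host against the first three mandates (the fourth, strong authentication, is not visible in a firewall ruleset), as an added example that is not from the original post: it parses `iptables-save` output and reports each violation. The two rulesets are constructed, and reading "high level ports" as the unprivileged range 1024-65535 is my assumption.

```python
import re
CLEAR_TEXT_PORTS = {23: "telnet", 21: "ftp", 69: "tftp"}
HIGH_PORTS = (1024, 65535)  # "high level ports" read as the unprivileged range (assumption)

WEAK_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
COMMIT
"""  # constructed: permit by default, telnet and tftp open, no high-port block

HARDENED_RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 1024:65535 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""  # constructed: the same host after the mandates are applied

RULE = re.compile(r"-A (\S+).*?-p (\w+).*?--dport (\d+)(?::(\d+))?.*?-j (\S+)")
def parse_rules(dump):
    """Return chain policies and (chain, proto, lo, hi, target) per --dport rule."""
    policies, rules = {}, []
    for line in dump.splitlines():
        if line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif m := RULE.match(line):
            chain, proto, lo, hi, target = m.groups()
            rules.append((chain, proto, int(lo), int(hi or lo), target))
    return policies, rules

def audit(dump):
    """Return the list of mandate violations; an empty list means compliant."""
    policies, rules = parse_rules(dump)
    findings = []
    if policies.get("INPUT") != "DROP":  # mandate: deny by default
        findings.append(f"INPUT policy is {policies.get('INPUT')}, not DROP")
    for chain, proto, lo, hi, target in rules:  # mandate: no clear-text Telnet/FTP/TFTP
        for port, name in CLEAR_TEXT_PORTS.items():
            if target == "ACCEPT" and lo <= port <= hi:
                findings.append(f"{name} ({proto}/{port}) accepted on {chain}")
    blocked = {(c, p) for c, p, lo, hi, t in rules  # mandate: explicit high-port block
               if t in ("DROP", "REJECT") and (lo, hi) == HIGH_PORTS}
    if ("INPUT", "tcp") not in blocked:
        findings.append("no explicit tcp block for ports 1024-65535 on INPUT")
    return findings
```

Run `audit()` over the output of `iptables-save` on a host to get the same report for a live ruleset.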

Update: Stiennon's blog has moved to here

Topics: Networking, Security
