--- b...@herrin.us wrote: From: William Herrin <b...@herrin.us>
The core problem here is that the Authority To Operate (ATO) process consumes essentially the entire activity of a USG computing project's security staff. The non-sensical compliance requirements, which if taken literally just about prevent you from ever connecting any computer to any other, get in the way of architecting systems around pragmatic and effective security. -------------------------------------------- "non-sensical compliance" Yeah, that. Pure, unmitigated insanity. scott
