On Thu, August 21, 2008 9:19 am, [EMAIL PROTECTED] wrote: > Thanks for the update Ron, the last I heard was OMB required all > workstations that process government information to be FDCC Compliant.
All government owned systems, regardless of use. > To be FDCC Compliant the workstation had to be configured with all of the > settings, if a single setting is changed the workstation is not FDCC > compleant. > > I haven't heard of a deviation policy form OMB being released, so to > the best of my knowledge deviation from the FDCC settings are not > allowed. OMB is the mandate, NIST (FDCC) is the policy. I've never seen an audit or C&A package that didn't make gratuitous use of the "N/A" loophole. Like airport security, such "regulations" are pure theatre and is the biggest reason why I jumped that ship and became a filthy contractor. Tangent example: Trusted Internet Connections (TIC) Good luck in your new field! Burnout comes fast :-) Randy -------- top posting is evil _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
