For government agencies, complying with new security guidelines from the National Institute of Science and Technology can be the equivalent of eating broccoli: It’s good for you, but that doesn’t mean you enjoy it. With recent announcements, however, there’s a heaping of tasty melted cheese included in the form of potentially saving big bucks.
In a GovInfoSecurity.com interview, NIST’s Federal Information Security Management Act project leader, Ron Ross, shows how agencies can team with other agencies -- or candidly piggyback on their work -- to hack away at the time and effort needed to qualify IT products and services for purchase.
That’s a part of NIST Special Publication 800-37, a guide for agencies to apply risk management techniques to harmonizing IT certification and accreditation across the government. That was just one of a number of announcements NIST made about security issues in late February.
Ross said there are now three distinct types of IT authorizing approaches agencies can use, starting with the traditional single authorization where an agency official does all the work to authorize each system. Now there is also a joint authorization, where multiple authorizing officials can work together to authorize something like a service that many agencies will be using.
And then there is something called a leveraged authorization, where agencies can use the documentation and evidence that other agencies have created as the basis for their own risk decision.
Ross said there has been a change in the culture over the past few years that has required these kinds of changes, together with technological innovations such as cloud computing, that require a more collaborative environment. Civilian, military and intelligence agencies are much more inclined to cooperate and share on these kinds of things.
That all makes sense, but I guess we’ll have to see how this rolls out in practice. Kumbaya has not proven to be a very practical philosophy in the past.
And, by the way, in case people feel like complaining, the lead was inspired by George H.W. Bush. I. actually. like broccoli.
Posted on Mar 15, 2010 at 7:27 PM | 0 comments
This post is for those that are still, and will be for a while, users of Windows XP. If that isn’t you then look away – or maybe gloat a little.
It seems that XP users could hit a tricky patch if they intend to update their hard drives to take advantage of the new Advanced Format drives that apparently will be standard by early 2011.
According to this BBC story, those drives need to be formatted into 4-kilobyte sectors as the minimum that the drive can write data to, whereas XP follows the 30-year-old DOS convention of formatting disks for just 512-byte sectors.
This Ars Technica story goes into a bit more detail about the history of all of this. God forbid but, since I used to write about this stuff way back when, it actually makes sense to me!
The change is needed to keep up with the humongous sizes of today’s hard drives, which are rapidly heading towards a terabyte as standard, a big difference from the early days of DOS when a megabyte actually meant something.
The Ars Technica piece also talks about the 2-terabyte partition limit that XP users are subjected to.
Anyway, it seems that XP users need to be aware of all of this and of potential workarounds. If you don’t do something, the new drive will still work under XP, just incredibly slowly. That actually might bring computers more into line with the speed that most of government works at, but it’s not what people want out of IT these days.
This also goes for Linux users, by the way.
I might assume that the tons of much-smarter-people-than-me in government have been aware of this problem for some time and are way ahead of the game. But the first rule of journalism is assume nothing.
Posted on Mar 11, 2010 at 7:27 PM | 1 comment
A lot has been written over the past couple of years about the effect the influx of millennials will have in government, mostly anecdotal stuff. You can infer from this that newer workers have a different way of working from their baby-boomer bosses, and that’s particularly true in the way they use technology.
It’s an area ripe for actual research and, behold, it’s started to arrive. One article in the Journal of Management (this is a limited-time download) takes a multidecade look at the generations and comes up with striking differences between them, and it’s not just about how they handle Web 2.0 and digital tech.
One of the biggest gaps, for instance, is how boomers and the “Generation Me” folks look at leisure. The habits of the notoriously overworking, overachieving boomers don’t cut it with the newer folks, who, the study says, really value their leisure. The way the paper’s authors put it, this sounds like a negative:
“However, given that GenMe values extrinsic rewards more than boomers did, the combination of not wanting to work hard but still wanting more money and status verifies the sense of entitlement many have identified among GenMe. ... Valuing leisure (e.g. not wanting to work overtime) while still expecting more status and compensation demonstrates a similar disconnect between expectations and reality ... narcissistic traits have risen over the generations, and narcissism is strongly linked to overconfidence and unrealistic risk taking.”
It’s just one paper, of course, but if other research that follows backs this up, it suggests government managers – who are still mostly boomers – should consider much more drastic changes in the way they deal with the incoming workforce. And that government may have to change a lot in the way it operates in the future.
Posted on Mar 10, 2010 at 7:27 PM | 2 comments