That depends on how an agency goes about doing its work. FISMA has put together a framework, but if [an agency] does it just for compliance, then it’s purely a paperwork exercise.108
Karen Evans, Office of Management and Budget
In this chapter:
The e-Government Act of 2002 FISMA report card What FISMA is NOT – FISMA misunderstood FISMA and its achievements 10 questions for FISMA compliance
108 Gauthem Naugesh, “Feds Losing War on Information Security,” Government Executive.com, 13 March 2008.
We can truly say that an “A” on the FISMA scorecard does not always mean you are a more secure agency – but it is a start. When we started in C&A in the civilian federal agencies ...