Ready to get your federal computer license?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Aug 31 19:24:56 UTC 2009
On Mon, 31 Aug 2009 14:06:56 EDT, "Sachs, Marcus Hans (Marc)" said:
> (d) CERTIFICATION.-Beginning 3 years after the date of enactment of
> this Act, it shall be unlawful for an individual who is not certified
> under the program to represent himself or herself as a cybersecurity
> professional.
Highly unlikely that 3 years is sufficient time to devise a certification,
a testing program, and get enough people certified. 5 years would be much
more reasonable.
It will probably take over a year just to thrash out what a "certification" is.
Consider the vast difference in scope and depth between a CISSP and one of
the GIAC certs. (Ghod forbid somebody suggest something rational like "upper
managers need a CISSP-ish cert and line emplouees need a relevant GIAC-ish
cert.. :)
> (e) CERTIFIED SERVICE PROVIDER REQUIREMENT.-Notwithstanding any
> provision of law to the contrary, the head of a Federal agency may not
> use, or permit the use of, cybersecurity services for that agency that
> are not managed by a cybersecurity professional who is certified under
> the program.
Unintended consequences - will this encourage the head of an agency to
instead say "screw it" and *not* use any cybersecurity services?
> A question for the NANOG community - if this section were to only apply
> to US government employees would it be acceptable? In other words,
> strike any reference to the private sector (except perhaps for those in
> the private sector who are under contract to perform government work.)
Limiting it to "US government agencies, employees, and contractors" would
certainly trim out about 95% of the contentious areas. But it still leaves
me, personally, on the hot seat - am I on the hook because I'm responsible
for research data that's NSF-funded? ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090831/e3a77be0/attachment.sig>
More information about the NANOG
mailing list