bloomberg on supermicro: sky is falling

• Previous message (by thread): bloomberg on supermicro: sky is falling
• Next message (by thread): bloomberg on supermicro: sky is falling
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If there was a waiver issued for your ATO, it would have had to have been issued by a department head or the OSD and approved by the DoD CIO after Director DISA provides a recommendation and it is mandatory that it be posted at https://gtg.csd.disa.mil.  Please see this DoD Instruction http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/831001p.pdf (the waiver process is on page 23).  If it did not go through that process, then it is not approved not matter what anyone told you.  I know your opinion did not make it through that process.

Want to tell us what system this is?
  

Steven Naslund 
Chicago IL


>And yet I got my DoD system ATOed my way earlier this year by
>demonstrating to the security controls assessment team that the cost
>of default-deny-all exceeded the risk cost of default-allow with IDS
>alerts on unexpected traffic.
>
>Because not spending more on a security implementation than the amount
>by which it reduces the risk cost, is a CORE SECURITY PRINCIPLE while
>default-deny-all is merely a standard policy.
>
>Regards,
>Bill Herrin

• Previous message (by thread): bloomberg on supermicro: sky is falling
• Next message (by thread): bloomberg on supermicro: sky is falling
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]