if you've ever wondered why the government can't get anything done, based on my recent experience, i would tell you it most likely has something to do with IA. or "information assurance" for all you non DoD folks. our information is assured by people who call themselves information assurance officers, and whose primary job, as far as i can tell is to say "no". they have created a maze of paperwork so confusing that no mere mortal could possibly get their software approved to run on a government network. in fact, we were told that our best bet would be to hire a contractor whose sole purpose would be to do the accrediation paperwork for us and it could take years. to make things worse, there are least six "different" networks that each require separate approval. i say "different" because in reality, most of them are all connected, they are just different nodes, managed by different services.
as if that's not bad enough, commercial applications are WAY easier to get on the network than our own government sponsored, government owned, government developed software. microsoft office? no problem. google earth? no problem. government software? you have to fill out an approximately 54,437 page security document on which half the questions are irrelevant, half don't make any sense, and the other half yields answers whose usefulness with regards to security is questionable at best.
how did i find all this out? after i flew to hawaii to support a mission and spent a week and half just trying to get my damn computer plugged in. anyway, long story short, i got to do some hiking and snorkelling while i was out there. thanks uncle sam!
1 comment:
you can blame that on your elected officials. it's called the federal information security management act or FISMA. Believe me the IAOs would much rather be sitting behind a firewall actually doing something useful than reviewing all the paperwork involved in system accreditation.
Post a Comment