“FISMA Act encourages U.S. government agencies to configure their DNS servers to the DNSSEC security specifications set by the National Institute of Standards and Technology, and it has been reported that the federal government’s Office of Management and Budget (OMB) plans to begin enforcing DNSSEC requirements through an auditing process, setting the standard for DNS best practices.”
Yep, if you stamp FISMA on it, people will buy it, maybe in your PR department’s wettest and wildest dreams. Guys, it’s been 6 years. That kind of marketing doesn’t work nowadays, mostly because we spent ourselves into oblivion buying junkware similar to yours and now we’re all jaded.
Now don’t get me wrong, DNSSEC is a good thing, especially this month. But there is something I need to address: FISMA requires good security management with a dozen or so key indicators, not a solution down to the technical level. Allusions to OMB are just FUD, FUD, and more FUD because unless it’s in a memo to agency heads, it’s all posturing–something everybody in this town knows how to do very well. OMB would rather stay out of mandating DNSSEC and maybe give a “due date” once NIST has a final standard.
My one word of wisdom for today: anybody who tries to sell a product and uses FISMA as the “compelling event” has no clue what they’re talking about.