Perhaps it's intended to be a workaround to the current problem with a
lot of government IT Security: The (big) contractors are told to follow
IT security guidelines, at which point they point back to their contract
and say "That's not in the statement of work, lets renegotiate the
contract and cost it out."
Jack Bates wrote:
Peter Beckman wrote:
"The proposal also includes a federal certification program for "cyber
security professionals," and a requirement that certain computer
systems
and networks in the private sector be managed by people who receive
that
license, CNET said."
Presumably, this is to increase security of private sector networks
that interconnect with government networks and high risk networks such
as banks and utilities. Presumably it wouldn't mandate the social
networking, ESP/ISP sectors.
Jack
