Defining Information Security Metrics: Ron Ross of NIST
Government Information Security Podcast show

Summary: A big complaint about the Federal Information Security Management Act (FISMA) is that agencies complying with its provisions merely prove they're following processes aimed at securing information systems, but they don't necessarily prove the systems are indeed secure.

In an exclusive interview, Ron Ross, the National Institute of Standards and Technology's FISMA guru, explains:

- The current challenges agencies face in complying with FISMA.
- How NIST standards, if adopted, will help secure government IT.
- Why no metric will fully assure systems will always be safe.

Ron Ross is a senior computer scientist at the National Institute of Standards and Technology's Computer Security Division. His areas of specialization include security requirements definition, security testing and evaluation, and information assurance. Ross leads the Federal Information Security Management Act Implementation Project for NIST.