Research

You get the call from the boss you have been dreading for weeks. “Jimmy, it’s time to add FISMA to our control set, and we need to be compliant in three weeks. GO!”

Great, another compliance initiative to work into the alphabet soup of controls-pain that haunts security professionals. More standards means more work to make sure that the standard control set you use in your organization will cover any new requirements you face. Compliance and Security frameworks often overlap, and usually just have a small number of requirements that are unique to the industry or data type protected.

I recently had a great conversation with Dorian Cougias from UCF and he turned me on to one of his projects, the Common Controls Hub. I’ve been aware of the great work that Dorian and his team have been doing over the last decade, but the Common Controls Hub was a new one for me. I’ve been heads down on security outside of compliance (or fielding PCI DSS questions, representing just one initiative), so when I got to see this thing in action, I was pleasantly surprised. It’s what I think many of us have been waiting for….

Visit Article