November 07, 2013

Update: CMS, Tavenner Seem to Have Violated Federal Rules in Falsely Certifying Healthcare.gov As "Secure"

It appears that CMS violated federal guidelines regarding security certification.

Federal rules require that a website be certified as secure before being permitted to go live. For reasons that I trust are obvious.

But Healthcare.gov was never tested, and the White House and CMS were being warned by IT people that it was insecure.

So what Tavenner did is sign an "interim" security certification, with a directive to... test for security after the site, already certified as secure, was live.

Does this make sense? No, of course not:

Yet Sebelius’s matter-of-fact description of the temporary authorization is a lot different from the 2012 memo from Zients on federal cyber-security.

Page 11 of the Zients memo includes the following section:

Does OMB recognize interim authority to operate for security authorizations?

No. The security authorization process has been required for many years, and it is important to measure the implementation of this process to improve consistency and quality government-wide. Introducing additional inconsistency to the government's security program would be counter to FISMA's goals.

Note that Zients is the new Czar in charge of straightening out Healthcare.gov -- so Obama considers him a top expert. And he expressly says that an "interim" security certification -- that is, a certification without any actual security -- of course is "counter" to the goals of site security.

But that's what the team he's now in charge of did.

On Tuesday, CNN reported that until it was fixed last week -- weeks after the site was live -- a security hole allowed any user to “easily reset your healthcare.gov password without your knowledge and potentially hijack your account.”

CMS did not respond to an email seeking comment on the Authority to Operate issue.

Thanks to Andy, or as I know him, @theh2.


posted by Ace at 03:46 PM
