Mar. 15, 2023
You need to lead the horse to something that 100% works and does not provide gaps. Many frameworks exist, and they leave gaps. FedRAMP is an example of a good framework. PCI DSS and HIPAA are examples of bad frameworks, albeit better than zero, yet do a disservice due to the headache involved while still leaving gaps. Perhaps an NSA/CIA joint effort with CISA/DHS is needed to bring STIGs or such to corporations. If the goal is to get companies to have words on paper, then ignore this comment.