The US GOV has agencies whose responsibility is to audit computer systems and ensure that they meet security and operational requirements. Why isn’t there a Tiger Team to go in and fix those systems found deficient? As posted recently, Department of State FISMA ratings have been dropping for years. Why not hold the budget (wait, what Budget) and redirect money from projects to the Tiger Team to fix these problems instead of depending on the good will of that agency’s management team to push the issue along.
Take away from their operational budget, fix the darn problem.
Where I used to work (a few of you know), if you had poor ratings or failed your inspection, you were SHUT DOWN till you got it fixed. No questions, no “mother may I”. Shut down. Denial of Approval to Operate, DATO. And then we would send a team out to put a microscope where you didn’t want it, looking to see what else you failed to do correctly. Why isn’t this happening here?