FISMA and NPD 2810

Part of the exciting life of being a government contractor (or really any involvement with the government) is the continuing creation and update of policies. One of my favorites is FISMA, and the resulting NASA Policy Directive (NPD) 2810.

As far as a developer is concerned, both of these policies can be distilled to a few basic rules regarding user access to Information Systems.

• Password requirements
• Password reuse
• Use of two factor authentication

Even though FISMA has been around since 2002 and NPD 2810 has been on the books since 2006, a large number of legacy applications have yet to be modified to follow those standards and amazingly the number of developers who are familiar with them is relatively low.

In the next series of posts, I will hope to shed some light on some of the requirements and provide a series of Coldfusion components that can be used as a common methodology for meeting (at least the NPD).