About This Site

This blog is intended to share, cooperate with and learn from IT professionals serving the public sector. It is my intent that this blog may evolve to become a public sector industry forum for the exchange of technology advice, reviews, experiences, recommendations and best practices.

Search

Search Government Blog

  Government Blogger FAQ

Frequently Asked Questions and Answers (FAQs)

Question: We're about to begin a software selection for a COTS customer relationship management (CRM) and enterprise resource planning (ERP) software system. Our COR insists that any new software application must be NIST certified however the OCIO isn't so sure. Do you know if NIST is a guideline or a requirement?

Answer: If you're a federal bureau, your COR is likely correct the NIST Certification and Accreditation is an absolute requirement. Also recognize NIST C&A is a comprehensive and very time consuming certification process. I normally see NIST C&A accomplished in 12 to 20 months, however, I've heard of it dragging on for much longer. Most vendors with public service editions of their business software are already NIST C & A certified so for these vendors you can probably avoid this paper. Otherwise, prepare to begin a lengthy journey.

Question:

Answer:

Question:

Answer:

Question:

Answer: