Back in 2007 I posted a blog entry about catching our auditors violating company policy by putting their company’s computer on our network. Today, new group of FISMA auditors, same issue.
If the auditors were a bit slicker, I”d believe them when they said they were testing our controls for unauthorized computers. (trust me, this guy was busted cold) After Alanis, I hesitate to call something ironic, but it sure seems ironic that the people verifying our security policies routinely violate our security policies.