Back in 2007 I posted a blog entry about catching our auditors violating company policy by putting their company’s computer on our network.   Today, new group of FISMA auditors, same issue.  

If the auditors were a bit slicker, I”d believe them when they said they were testing our controls for unauthorized computers.   (trust me, this guy was busted cold)  After Alanis, I hesitate to call something ironic, but it sure seems ironic that the people verifying our security policies routinely violate our security policies.