Tuesday, September 27, 2016

ISCD Updates FAQ #1627 Again

Today the DHS Infrastructure Security Compliance Division (ISCD) published a new frequently asked question (FAQ) on their CFATS Knowledge Center. Actually, FAQ #1627 was first published in May 2009 and then it was updated in August of this year. So what’s going on?

I noticed a week ago Saturday that the reference to the most recent update to FAQ #1627 was missing from the CFATS Knowledge Center (I check for the most recent updates every day). A more detailed follow-up check showed that FAQ #1627 was completely missing from the database.

It seems that ISCD has been doing a detailed review of their FAQs to determine which FAQ responses will be affected by the implementation of CSAT 2.0 (a lot, I suspect). Some of those FAQs will have to be rewritten (oh boy, I’m not looking forward to that blog post), but some will no longer be relevant and those will be discarded.

Until a week ago last Saturday I was not aware of ISCD removing any FAQs from their lengthy list. If some have been deleted, they have not mentioned it. If some have been deleted there would not be a simple way of checking using the search function on CFATS Knowledge Center. Of course, the question is whether or not there is a reason to keep track of deleted FAQs?

On one hand, FAQs are not really official policy, they just reflect official policy. That’s one of the reasons that so many FAQs provide references back to official manuals and the CFATS regulations. That could easily mean that as policy changed (as reflected by official changes in manuals) that some FAQs became obsolete to the degree that it made no sense to update the response and those FAQs could/should be deleted.

On the other hand, some people are reading FAQs and, inevitably, some are making decisions about their CFATS implementation based upon those FAQ responses. They deserve to be notified when FAQs they may have relied upon have been deleted. I know the changes in the manuals should be enough notification (legally) but with the reputation that ISCD has worked so hard to build that they work closely with the regulated community argues that they should take the extra step and make specific notification of any deletions.


Oh, and some may have been deleted by mistake. You know, like FAQ #1627.

No comments:

 
/* Use this with templates/template-twocol.html */