Notice the quote "In addition to using the NIST checklist, I am recommending all departments and agencies take the following actions:"

It is a recommendation, not a mandate.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/239/1185#1185