Yeah...
Yeah... saying they don't allow required federal security audits for security reasons seems pretty ludicrous. I am curious about the state of IT there... obviously flawed given these hacks, but was it fairly close to compliant (or even compliant to the extent that it'd pass the audit tests), or was it a real disaster area? (Or somewhere in between?)
Biting the hand that feeds IT
