The government regulation hits twenty and many experts believe it's time it gets an overhaul. "The rule itself is heavily weighted toward compliance
things that are evidence-based, which would be policies, procedures, plans and other forms of documents," said security expert Tom Walsh. But, "as far as I know, no hackers have ever been thwarted by a set of well-written policies.
Read more on Gov Info Security