I know a guy who is one of only about a half-dozen certified data center planners in the US. He deals with Homeland Security and the FBI, as they are customers of his, and he deals with classified requirements in his planner capacity and as a provider of office space to these entities as well.
This is what he posted about it.
--
Operating that E-mail server to begin with was a violation of the Department of State's FISMA ATO (Authority to Operate). FISMA (Federal Information Security Management Act of 2002) is law, plain and simple. The intent and letter of the law were violated by operating that server. The State Department Inspector General and CISO should be fired, jailed, drawn, quartered, burnt, and their remains urinated upon. The ultimate responsibility for knowing of the server (which they surely did) and shutting it down in order to obey the law was with them (the IG and CISO). Clinton is culpable, too, but can perhaps claim some level of ignorance. But, it's not disputable that using that server for State Department business broke the law. Sadly, I know this because for now I have to deal with this FISMA crap all day every day as I work to make one of our facilities FISMA-compliant and FedRAMP-certified. This one is black and white.
I've also read reports (I don't know if they're credible or not) that, prior to the server being turned in for inspection, the disk volumes containing the E-mail message stores had been forensically cleansed with an NSA-grade data-wiping tool. Whether or not any E-mails were classified or any wrongdoing was transmitted through or stored upon that server, going to those lengths to destroy the ability to forensically recover anything doesn't make those who authorized it or did it look very honest. And that is Hillary's continuing self-inflicted problem here...
-
Question: I thought the State Dept was subject to an annual inspection by an independent public accountant the result of which the Office of Inspector General is given. So they didn't find any problem with the Hillary server? Year after year?
Answer: If an agency has held their ATO for any length of time, they usually end up running on an externally reviewed and approved continuous monitoring plan. The OIG and CISO would be handed any findings (and Hillary's server should have generated a slew of findings) and would be responsible for reporting them to the OMB. As I said, this is in the laps of the State Department OIG and CISO. Hillary and her staff either knowingly or unknowingly broke the law, and those responsible for enforcement in the State Department failed in their roles. I'd like to see someone held accountable, but that's just wishful thinking.
---
Our own thoughts in the end were that she and/or her people certainly screwed the pooch, but whoever it was that signed off on it, for the government, is who ought to be held accountable overall.