Network Computing is part of the Informa Tech Division of Informa PLC


Security: A Continuing Federal Challenge

The latest FISMA scorecards are out, with the grades for different agencies' efforts in the computer security arena. Amazingly, the overall grade--for all 24 major agencies in the federal government--has moved not a notch. Last year's D+ remains intact.

For those who may be new to FISMA Fun, it works more or less like this: the General Accounting Office (GAO) and the Office of Management and Budget (OMB) ask each major agency's Inspector General (IG) to submit an independent report about computer security based on numerous guidelines and scoring criteria. The IG requests input from each agency's CIO and other in-house security pros, and issues an annual report to the OMB. The GSA and OMB make their overall reports to the Committee on Government Reform, which is under the auspices of the U.S. House of Representatives.

The whole thing came about under the Federal Information Security Management Act (FISMA), which President Bush signed in December 2002. Interestingly, the security reports are submitted at the same time as the agency's budget request. I believe I understand the tie-in between asking for money and demonstrating results with the money already spent. But with all this happening at once, it's too bad the term 'March Madness' has already been taken.

And so pretty much everyone involved in government IT has a voice, and a part to play. Is it a perfect system? No, of course not. But it's the one we've got, at least for now, and even with its imperfections it gives at least some sort of assessment of the federal government's security efforts.

That said, I do have to wonder if these two facts are connected: 1) 2005 was one of the worst years on record for data breaches and government security snafus and 2) more than half of the 24 agencies assessed either stayed at a failing security grade or went down from the year before.
