Federal agencies due for information security report cards
Agency grades have averaged a D+ for the past two years
Computerworld - U.S. Rep. Tom Davis (R-Va.), ranking member of the House Committee on Oversight and Government Reform, today is scheduled to release the annual federal computer security report card, which grades the performance of the 24 agencies covered by the Federal Information Security Act (FISMA).
He is also expected to announce a series of new incentives designed to improve security at federal agencies, according to a release posted on the committee's Web site.
Among those scheduled to speak at the committee hearing are Karen Evans, de facto federal CIO and administrator of electronic government and IT at the White House's Office of Management and Budget (OMB). Also speaking will be Lisa Schlosser, CIO of the U.S. Department of Housing and Urban Development, and Bobbie Kilberg, president and CEO of the Northern Virginia Technology Council.
The report card, issued by the Government Reform Committee, is based on security evaluations defined in FISMA. The evaluations are compiled by the committee based on information provided to Congress each year by the inspector general from each agency.
Last year, the federal government scored an overall grade of D+ for the second year in a row. Eight of the 24 agencies, including the Departments of Homeland Security, Defense, State, Energy and the Interior, received failing grades. Among the seven agencies that got at least an A- were the U.S. Department of Labor, the Social Security Administration and the Environmental Protection Agency.
Though the grades are generally perceived as an indication of the security readiness of federal agencies, some in the past have questioned its real value.
For instance, a survey of 30 federal chief information security officers in 2005 by Telos Corp., an Ashburn, Va.-based IT service provider to federal agencies, showed a majority asking for significant improvements in the evaluation criteria used to measure security readiness.
Sixty percent of the CISOs surveyed said the federal report card was a useful indicator of their security preparedness. At the same time, they questioned the value of the report card, noting that agency funding for IT security was not affected by bad grades. Federal CISOs in the survey also expressed concerns about a lack of guidance about security requirements, system definitions and the evaluation methods used by inspectors general to grade agencies.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!