Federal agencies due for information security report cards
Agency grades have averaged a D+ for the past two years
Computerworld - U.S. Rep. Tom Davis (R-Va.), ranking member of the House Committee on Oversight and Government Reform, today is scheduled to release the annual federal computer security report card, which grades the performance of the 24 agencies covered by the Federal Information Security Act (FISMA).
He is also expected to announce a series of new incentives designed to improve security at federal agencies, according to a release posted on the committee's Web site.
Among those scheduled to speak at the committee hearing are Karen Evans, de facto federal CIO and administrator of electronic government and IT at the White House's Office of Management and Budget (OMB). Also speaking will be Lisa Schlosser, CIO of the U.S. Department of Housing and Urban Development, and Bobbie Kilberg, president and CEO of the Northern Virginia Technology Council.
The report card, issued by the Government Reform Committee, is based on security evaluations defined in FISMA. The evaluations are compiled by the committee based on information provided to Congress each year by the inspector general from each agency.
Last year, the federal government scored an overall grade of D+ for the second year in a row. Eight of the 24 agencies, including the Departments of Homeland Security, Defense, State, Energy and the Interior, received failing grades. Among the seven agencies that got at least an A- were the U.S. Department of Labor, the Social Security Administration and the Environmental Protection Agency.
Though the grades are generally perceived as an indication of the security readiness of federal agencies, some in the past have questioned its real value.
For instance, a survey of 30 federal chief information security officers in 2005 by Telos Corp., an Ashburn, Va.-based IT service provider to federal agencies, showed a majority asking for significant improvements in the evaluation criteria used to measure security readiness.
Sixty percent of the CISOs surveyed said the federal report card was a useful indicator of their security preparedness. At the same time, they questioned the value of the report card, noting that agency funding for IT security was not affected by bad grades. Federal CISOs in the survey also expressed concerns about a lack of guidance about security requirements, system definitions and the evaluation methods used by inspectors general to grade agencies.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts