Federal agencies due for information security report cards
Agency grades have averaged a D+ for the past two years
Computerworld - U.S. Rep. Tom Davis (R-Va.), ranking member of the House Committee on Oversight and Government Reform, today is scheduled to release the annual federal computer security report card, which grades the performance of the 24 agencies covered by the Federal Information Security Act (FISMA).
He is also expected to announce a series of new incentives designed to improve security at federal agencies, according to a release posted on the committee's Web site.
Among those scheduled to speak at the committee hearing are Karen Evans, de facto federal CIO and administrator of electronic government and IT at the White House's Office of Management and Budget (OMB). Also speaking will be Lisa Schlosser, CIO of the U.S. Department of Housing and Urban Development, and Bobbie Kilberg, president and CEO of the Northern Virginia Technology Council.
The report card, issued by the Government Reform Committee, is based on security evaluations defined in FISMA. The evaluations are compiled by the committee based on information provided to Congress each year by the inspector general from each agency.
Last year, the federal government scored an overall grade of D+ for the second year in a row. Eight of the 24 agencies, including the Departments of Homeland Security, Defense, State, Energy and the Interior, received failing grades. Among the seven agencies that got at least an A- were the U.S. Department of Labor, the Social Security Administration and the Environmental Protection Agency.
Though the grades are generally perceived as an indication of the security readiness of federal agencies, some in the past have questioned its real value.
For instance, a survey of 30 federal chief information security officers in 2005 by Telos Corp., an Ashburn, Va.-based IT service provider to federal agencies, showed a majority asking for significant improvements in the evaluation criteria used to measure security readiness.
Sixty percent of the CISOs surveyed said the federal report card was a useful indicator of their security preparedness. At the same time, they questioned the value of the report card, noting that agency funding for IT security was not affected by bad grades. Federal CISOs in the survey also expressed concerns about a lack of guidance about security requirements, system definitions and the evaluation methods used by inspectors general to grade agencies.
Read more about Security in Computerworld's Security Topic Center.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!