Federal agencies' FISMA grade up slightly

Federal agencies continued to show slight improvement in 2007 in their ability to protect sensitive data, scoring a "C," up from a "C-minus" in 2006, according to the annual Federal Information Security Management Act (FISMA) report card released Tuesday.

The report card, released by the office of U.S. Rep. Tom Davis, R-Va., the ranking member of the House Government Oversight and Reform Committee and the author of the FISMA legislation, showed that nine federal agencies scored a failing grade in 2007.

Flunking this year were the Department of Transportation, Department of Labor, the Department of Defense, the Department of the Interior, the Department of the Treasury, the Department of Veterans Affairs, the Department of Agriculture and the Nuclear Regulatory Commission.

Davis has made repeated calls for more oversight of agency information security practices.

"We need to do more to bring consistency regarding standards and review," Davis said in a prepared statement. "We need to seriously consider incentives for agency success and funding penalties and personnel reforms for agencies that don't measure up. We need a bill with teeth, and we need agencies to understand the goal is to keep information safe, not to check a statutory box."

On the positive side, three agencies received "high-confidence" grades of "A" because of "sterling financial audits," Davis said.

These were the U.S. Agency for International Development (USAID), the National Science Foundation and the Social Security Administration.

The Department of Housing and Urban Development and the Department of Justice each received an "A" but with "low confidence" ratings because of weaker audit results, the statement said.

Davis said he was happy with the improvement in the overall score. Three agencies led the improvement: the Department of Energy, which climbed from a "C-minus" to a "B-plus"; the Department of Homeland Security, up to a "B" from a "D"; and the National Aeronautics and Space Administration (NASA), from a "D-minus" to a "C-plus."

Conversely, the Department of Labor's rating plummeted from a "B-minus" to an "F," while the Department of Education's rating slipped slightly from a "D-minus" to an "F."

Federal agencies are rated on a variety of criteria during the annual FISMA audit process. These include their annual tests of information security, their plans of action and milestones or corrective-action plans, whether they certify and accredit their systems as secure, how well they manage the configuration of their computers to ensure security, how they detect and react to breaches, their training programs and the accuracy of their inventories.

For 2007, several new factors, including the results of fiscal year 2007 financial statement reporting, were factored in to determine the confidence level placed in the scores, according to Davis' office.