Federal agencies improve security, FISMA report says

The annual report shows agencies are meeting most of the FISMA requirements.

The threat landscape may be expanding, but federal agencies are getting better at meeting requirements laid out in the Federal Information Security Management Act, according to the annual FISMA report presented to Congress on May 1 by the Office of Management and Budget (OMB).

This year's report, based on agency self-assessments for the 2013 fiscal year, showed that government organizations met 81 percent of the FISMA requirements, up from 73 percent the year before. Among the biggest areas of improvement was email encryption, at 51 percent, up from 35 percent the year before.

In a letter accompanying the report, OMB Deputy Director for Management Beth Cobert told Congress that “OMB continues to work with agencies to fulfill the requirements of FISMA and implement increasingly resilient information technology security and privacy management programs.”

Much of the agencies' effort has focused, and will continue to focus, on three initiatives: protecting existing information and information systems, supporting the safe and secure adoption of emerging technologies, and building a sophisticated information security workforce, according to the report.

By “designating cybersecurity as a Cross Agency Priority (CAP) Goal,” the Obama administration had increased “senior government officials' visibility of and accountability” for safeguarding information and information systems. CAP employs three strategies to better protect government networks: trusted internet connections, continuous monitoring and strong authentication (HSPD-12).

And agencies have put some money behind their efforts, spending more than $10 billion in the last fiscal year on IT security. The report says that $3.6 billion of that went to stemming malicious activity while $2.7 billion was put toward intrusion detection and mitigation. Another $4.1 billion went to boosting the effectiveness of the government's cyber security initiatives.

Federal agencies continue to face multiple threats. Among the 25 largest organizations, called the CFO Act Agencies, non-cyber incidents (such as leaking information on paper documents) accounted for more than 25 percent of overall security incidents, while policy violations accounted for almost 20 percent of digital incidents, up from 5.2 percent the year before. Smaller agencies were plagued by different problems, with the biggest issue being suspicious network activity (at 22 percent).

The government will continue to sponsor R&D on insider threat assessment methodology as well as mitigation strategies through the CERT Insider Threat Center, the report says, noting that “mitigating the malicious insider remains a significant challenge and requires the composite application of several tactics and capabilities.”
