Federal agencies improve security, FISMA report says

The annual report shows agencies are meeting most of the FISMA requirements.

The threat landscape may be expanding, but federal agencies are getting better at meeting requirements laid out in the Federal Information Security Management Act, according to the annual FISMA report presented to Congress on May 1 by the Office of Management and Budget (OMB).

This year's report, based on agency self-assessments for the 2013 fiscal year, showed that the government organizations met 81 percent of the FISMA requirements, up from 73 percent the year before. One of the biggest areas of improvement was email encryption efforts, at 51 percent, up from 35 percent the year before.

In a letter accompanying the report, OMB Deputy Director for Management Beth Cobert told Congress that “OMB continues to work with agencies to fulfill the requirements of FISMA and implement increasingly resilient information technology security and privacy management programs.”

Much of agencies' efforts have focused and will continue to focus on three initiatives — protecting existing information and information systems, supporting the safe and secure adoption of emerging technologies and building a sophisticated information security workforce, according to the report.

The report noted that by “designating cybersecurity as a Cross Agency Priority (CAP) Goal,” the Obama administration had increased “senior government officials' visibility of and accountability” for safeguarding information and information systems. CAP employs three strategies to better protect government networks — trusted internet connections, continuous monitoring and strong authentication (HSPD-12).

And agencies have put some money behind their efforts, spending more than $10 billion in the last fiscal year on IT security. The report says that $3.6 billion of that went to stemming malicious activity while $2.7 was put toward intrusion detection and mitigation. Another $4.1 billion went to boosting the effectiveness of the government's cyber security initiatives.  

Federal agencies continue to face multiple threats. Among the 25 largest organizations, called the CFO Act Agencies, non-cyber incidents — such as leaking information on paper documents — accounted for more than 25 percent of overall security incidents while policy violations accounted for almost 20 percent of digital incidents, up from 5.2 percent the year before. Smaller agencies were plagued by different problems — with the biggest issue being suspicious network activity (at 22 percent).

The government will continue to sponsor R&D on insider threat assessment methodology as well as mitigation strategies through the CERT Insider Threat Center, the report says, noting that “mitigating the malicious insider remains a significant challenge and requires the composite application of several tactics and capabilities.”
