PTO revises its IT security ranking

The Patent and Trademark Office has downgraded its IT security readiness level in the wake of critical reports from the Commerce Department inspector general.

PTO included the revision in a report based on the agency's review of its systems for fiscal 2001 and 2002 under the Government Information Security Reform Act. The law requires agencies to conduct program reviews and assess IT security on a five-level scale. The review findings are reported, along with evaluations from federal IGs, to the Office of Management and Budget.

Last year, PTO told OMB it had reached Level 4, with Level 5 being the top ranking.

But Commerce's IG had a different opinion. 'In reviewing the information supporting the self-assessment, we found that PTO merited an overall score of no more than Level 2,' the IG said in its report to OMB. 'In fiscal 2002, PTO reassessed its status and told us that, consistent with our evaluation, it now considers itself at Level 2.'

A PTO agencywide strategy report drafted earlier this year gave an inkling of the likelihood that the agency would be revising its security readiness level. The five-year strategy, also submitted to OMB, noted that the agency's systems had grave flaws and were vulnerable to disasters.

Responding to the IG's findings, PTO issued a statement that said it had 'made great strides in its IT security program this past year and has laid the foundation for an efficient, effective program in the future.'

The statement noted that the agency's CIO had appointed a new executive for IT security and created four new positions in the new IT Security Program Office.

PTO also said it had reviewed and updated its security policies and procedures, and had begun certifying the security levels of agency systems.

The IG office said at the time of its evaluation, 64 of the agency's systems, or 82 percent, lacked documented risk assessments. And security plans for 24 of the systems, or 30 percent, were more than 3 years old.

The report did laud PTO for its recent efforts to bolster security, noting that PTO's senior managers have 'made a commitment to improving information security.' The IG called the agency's corrective action plan a solid foundation for IT security improvements.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above