Agencies improve IT security, but there's still work left to do
By Jason Miller
Mar 05, 2004
Agency IT security has shown marked progress in the last year, but too many agencies still fall short of meeting the goals of the Federal Information Security Management Act.
After reviewing almost 8,000 systems, the Office of Management and Budget found that 62 percent of the systems have been certified and accredited by agencies' inspectors general or private-sector third parties, according to the FISMA report OMB sent to Congress last week. OMB had wanted agencies to hit the 80 percent mark by the beginning of this year.
Because compliance is lagging, OMB recently ordered agencies to fix security problems before spending any money this year on new IT or upgrades.
The report also said not all of the 24 major agencies have had their IGs verify their security remediation processes.
Agencies did best in their efforts to meet OMB's third goal: integrating security into systems' lifecycle plans. OMB said 78 percent of all agencies met the requirement; the goal was 80 percent by the start of the year.
Despite the shortfalls in meeting the target goals, OMB noted improvements in security efforts generally:
- 78 percent of all systems have been assessed for risk and assigned a risk level, up from 65 percent in 2002.
- 73 percent of all systems have up-to-date IT security plans, an increase of 11 percent over last year.
- 68 percent of all systems have contingency plans, up from 55 percent last year.