OMB sees improvement in agencies' IT security
- By Wilson P. Dizard III
- Mar 01, 2006
Federal agencies progressively are improving their IT security measures, according to a new report released today by the Office of Management and Budget.
, titled 'FY 2005 Report to Congress on Implementation of the Federal Information Security Management Act of 2002,' brings together IT security assessments prepared by federal agencies and their inspectors general.
In key measures of federal IT security, OMB reported that:
- The proportion of certified and accredited systems has increased from 77 percent to 85 percent.
- In fiscal 2005, for the first time, agencies assigned a risk impact level to their systems. Agencies reported that 88 percent of their high-risk systems had been certified and accredited, a sign that officials are working first to secure the highest-risk systems.
- Inspectors general reported that the quality of certification and accreditation processes at agencies had improved, with 17 of 25 agencies have processes rated 'satisfactory' or better, compared to 15 agencies in 2004.
- The IGs also reported that 19 of 25 agencies have effective corrective plans of action and milestones, up from 18 agencies last year.
Dan Matthews, former CIO of the Transportation Department and now vice president of government relations for Lockheed Martin Corp. of Bethesda, Md., noted that federal agencies now are putting more resources into IT security and building security measures into systems as they are designed.
'Agencies started by establishing standard procedures throughout their information resources departments [and] in early stages had to do inventories,' Matthews said. 'When the inventory was done, they had to get systems owners and security people together to identify the security position. Many did that as a result of year 2000 [Y2K date rollover] preparations,' he added.
'I do believe that the effort to thwart viruses has led to a heightened awareness of security in federal organizations and the central nature the need of virus mitigation,' Matthews said. He also cited the role of the federal CIO Council in promoting knowledge about best practices in the security arena.