Evans: Agencies are improving security profiles
- By Patience Wait
- Nov 02, 2006
Agencies continue to make progress in securing their information systems, at least in terms of improving their collective FISMA scores, according to Karen Evans, the Office of Management and Budget's administrator of e-government and IT. Evans was the keynote speaker at the ITAA 2006 Information Security Workshop today in Falls Church, Va.
FISMA, the Federal Information Security Management Act, sets the standards and procedures agencies must observe in order to improve their security profiles. Each year, every department and independent agency is given a letter grade, based on their implementation of the elements of FISMA.
Final grades usually are released in the spring, reflecting agencies' performance in the previous fiscal year. But Evans said preliminary results in three key categories, taken together, show that agencies are making progress.
In fiscal 2005, 85 percent of government systems were certified and accredited, Evans said; this year, 88 percent of the systems received C&A.
This addresses "how much risk to live with," Evans said. "This identifies risks [and] controls - at the end it makes agencies think about services versus their risks, and senior management has to sign off" on that tradeoff.
In another category, 78 percent of agencies tested their security contingency plans in 2006, up from 60 percent in 2005, Evans said.
And inspectors general at 19 agencies verified and assigned ratings on weaknesses identified in their organizations' systems, up from 17 agencies the previous year.
The numbers indicate how well government systems are secured, Evans said. "That's why the combination of those three numbers is important."