Latest FISMA grades leave more to be desired
The Washington Post (which is owned by the same company that owns GCN) reported last night that the FISMA grades coming out today are less than impressive. Overall, government gets a D+ for network security, which is the same grade it got last year.
The grades, which are handed out by the House Government Reform Committee, are meant to reflect federal agencies' IT security postures, although some experts say agencies spend so much time and money just trying to meet Federal Information Security Management Act standards that they can't actually spend resources on protecting their networks. GCN's own IT security expert William Jackson has written often about FISMA grades.
In a statement released today, Bruce Brody, vice president for information security at research firm Input Inc., said, "FISMA has become a largely paperwork drill among the departments and agencies, consuming an inordinate amount of resources for reporting progress while putting in place very little in the way of actual security improvements."
According to the Post story, nine departments failed the FISMA security test, including Agriculture, Defense, Energy and Homeland Security--not exactly the federal agencies you want employing lax IT security.
The committee is prepared to hand A+ grades to the Agency for International Development, EPA, the Labor Department, Office of Personnel Management and the Social Security Administration, according to the Post.
OPM has steadily improved over the years, pulling down an F in 2001, when the committee started handing out the grades, improving to a C- in 2004, and now landing at the top of the class. EPA has shown a similar rise.
More to come at GCN.com.

Posted by Brad Grimes, Joab Jackson on Mar 16, 2006 at 9:39 AM