Federal agencies flunk IT security audit. Again

Inadequate Internet security policies earned failed grades for most US Federal Agencies, according to Congress.

Eight Federal Agencies - including the Department of Homeland Security, Department of Energy and DoJ - got an 'F' grade. The Nuclear Regulatory Commission scored an 'A'.

Most of the agencies improved their scores since the last report, leading to the House Government Reform subcommittee on technology upgrading its overall assessment of government IT security from an 'F' to a 'D'. This is the fourth year in a row that federal agencies have scored low marks for computer security.

The mediocre results are particularly disappointing when set alongside the heightened risk to government systems this year from crackers and prolific Internet worms such as Blaster and Slammer.

Federal Information Security Management Act (FISMA) reports from agencies formed the basis of the assessment.

Scores for individual agencies were calculated on the results of annual IT security reviews of systems and programs; progress on correcting identified weaknesses; the results of independent evaluations, staff training and continuity planning. ®