Federal agencies flunk IT security audit. Again
Outstandingly mediocre
Posted in Security, 10th December 2003 12:30 GMT
Inadequate Internet security policies earned failing grades for most US Federal Agencies, according to Congress.
Eight Federal Agencies - including the Department of Homeland Security, Department of Energy and DoJ - got an 'F' grade. The Nuclear Regulatory Commission scored an 'A'.
Most of the agencies improved their scores since the last report, leading to the House Government Reform subcommittee on technology upgrading its overall assessment of government IT security from an 'F' to a 'D'. This is the fourth year in a row that federal agencies have scored low marks for computer security.
The mediocre results are particularly disappointing when set alongside the heightened risk to government systems this year from crackers and prolific Internet worms such as Blaster and Slammer.
Federal Information Security Management Act (FISMA) reports from agencies formed the basis of the assessment.
Scores for individual agencies were calculated on the results of annual IT security reviews of systems and programs; progress on correcting identified weaknesses; the results of independent evaluations, staff training and continuity planning. ®

