The Register® — Biting the hand that feeds IT

US agencies' cybersecurity defences are outstandingly mediocre

From Dunce's cap to C- in one bound

Information security procedures in federal government have improved, albeit modestly. An annual computer security report card on 24 federal agencies released Thursday rated average security at C-minus for 2006, compared to D+ in 2005.

So instead of being sent to bed without their pork supper, federal IT managers have earned a pat on the head, if not a generous end-of-term present. The scores are based on reports submitted in response to the Federal Information Security Management Act of 2002 (FISMA).

Perennial security underachiever the US Department of Homeland Security received its first-ever non-failing grade, managing to pull its performance up from an F to a D, the first time since the scheme began in 2003 that it didn't flunk.

Although overall security procedures improved, the Department of Defense (DoD) recorded a failing F grade. Meanwhile, the Department of Veterans Affairs - whose loss of laptops containing veterans' confidential data triggered a huge security breach - failed to submit a report. The Nuclear Regulatory Commission, another agency that has trouble keeping track of its PCs, flunked. On a brighter note, the DoJ picked up an A- while the Social Security Administration rated an A.

The reports are overseen by the House Government Reform Committee, the well-spring of the FISMA laws. Although supporters of the law say it provides an incentive for improving security controls, critics (including government IT managers) say the audit is more about fulfilling compliance requirements than reducing exposure to information security risks. Security industry observers also criticise the lack of remedial action, or indeed consequences of any type, that result from agencies receiving a failing grade. ®
