Davis gave the government an overall grade of C-minus, saying the grade indicated "slow but steady improvement" over the past three years. Last year he gave the government a D, down from a D-plus the year before.
DHS received a D, its only non-F so far, which Davis attributed to the department having established an inventory of its secure computer systems, adding that "you can’t protect what you don’t know you have."
The committee called for more progress in developing effective security plans and milestones, and said improvement is needed both in how systems are configured with security in mind and in how employees with significant information security responsibilities are trained.
Incentives, such as bonus points awarded to agencies that take certain steps toward secure configurations of Microsoft Vista as they migrate to that newer version of Windows, would provide a means of driving improvements, the committee said.
"The results of the report card this year show that federal agencies are beginning to take seriously their responsibilities to safeguard sensitive information," said Rep. Mike Turner, R-Ohio, ranking member of the Information Policy, Census and National Archives subcommittee.
"It’s disturbing that some of the agencies with the most sensitive information continue to score poorly on this," he said, adding, "The Department of Defense, the Department of State and the Nuclear Regulatory Commission need to improve."