Agencies are making progress with longstanding information
security weaknesses, but there is an evident lack of
accountability among agency officials who do not understand
their responsibilities, the Office of Management and Budget
reported to Congress recently regarding 2003 data it
collected under the Federal Information Security Management
Act.
However, that FISMA data could be improved through validation
and the completion of system inventories, the General
Accounting Office has said in a review of OMB’s report.
It said OMB’s report on the implementation of FISMA
requirements by 24 of the largest federal agencies showed
that risk assessments for systems increased from 65 to 78
percent, systems having contingency plans in place rose from
55 to 68 percent, and systems authorized for processing
after certification and accreditation went up from 47 to 67
percent. However, some agencies reported to OMB that fewer
than half of their systems met certain requirements.
According to GAO, OMB told Congress that the National
Institute of Standards and Technology is attempting to improve
the usefulness of performance measurement data by developing
standards with which to categorize systems — for example, by
the potential impact that a system would have in the event of
a security breach. However, NIST said that current and future
funding constraints could threaten future information security
work.