Overall, the federal government got a “D” for information security (an improvement over last year’s F) on the fourth annual Information Security Report Card, released by the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.
The grades are based on agency reports required by the Federal Information Security Management Act of 2002 and submitted to the Office of Management and Budget, but the General Accounting Office also played a role in helping the subcommittee reach its conclusions.
Agencies that did well, according to Putnam, provided a full inventory of their IT assets, identified mission-critical systems, had strong reporting procedures, maintained tight controls over contractors, and had strong guidelines for finding and eliminating weaknesses.
Fourteen agencies improved over last year, but 14 are still below a C and eight failed. The Nuclear Regulatory Commission and the National Science Foundation both got “A’s,” a first for the report card, and the Social Security Administration and the Department of Labor got a “B+” and a “B,” respectively.
DHS flunked, but Putnam recognized the organizational difficulties it faced in its reorganization and said the committee expected significant improvement.
The subcommittee will contact agency chief information officers in the coming weeks to help them develop plans of action, prior to the release of a similar OMB report due out in March, said Putnam, who also announced he would contact the Appropriations Committee and champion funding for network security.