The government’s aggregate score for information security, on a report card based on agency reports provided under the Federal Information Security Management Act, has increased from a C- to a C.
Still, the ranking member on the House Oversight and Government Reform Committee, Tom Davis, R-Va., who authored FISMA, called for "incentives for agency success and funding penalties and personnel reforms for agencies that don’t measure up."
Davis called for "a bill with teeth" to get agencies to actually keep information and government computer systems secure and not just go through the motions to meet statutory requirements.
According to minority staff on the committee, agencies were rated on annual tests of information security, plans of action and milestones, whether their systems are certified as secure, how well they manage computer configuration, how they detect and react to breaches, training programs and the accuracy of their inventories.
The U.S. Agency for International Development, the National Science Foundation and the Social Security Administration all got A’s, as did the Department of Housing and Urban Development and the Department of Justice, though based on less reliable audit results.