The overall grade for federal agencies on the Federal
Information Security Management Act (FISMA) report card rose 2.5
points to a D-plus, Government Reform Committee Chairman
Tom Davis, R-Va., announced at a recent hearing, signaling
that agencies have made some progress but still have a long way
to go.
Agencies have made improvements in certifying and accrediting
systems, annual testing and security training, but according
to Davis, improvements need to be made to annual reviews of
contractor systems, contingency plan testing, configuration
management, incident reporting, and specialized training.
The report card partly measures the ability of agencies to
safeguard information as it moves within agencies, across
departments, and across governmental jurisdictions.
Several agencies received grades of F again, and Davis said
the committee would investigate why. He noted, however, that other
agencies had improved: the Department of Transportation, for example,
improved its certification and accreditation and brought its grade
up to an A-minus, and the State Department also received a D-plus
after gaining 30 points over last year.
During his announcement, Davis said there was a need for agency
inspectors general to standardize their evaluation process when
completing annual independent FISMA audits, “so we can make fair
comparisons between agencies,” noting that while they often do an
excellent job, some submit incomplete reports or nothing at all.