Agencies have continued to close IT security performance gaps in some areas over the past year, but progress dropped slightly in others, primarily due to a few agencies, OMB has said.
It said baseline performance measures indicated improved security compliance, including a 10 percent increase in security awareness training for agency employees and contractors, as well as a 3 percent increase in training for employees responsible for information security.
The number of certified and accredited systems increased by 938 to 9,313 in fiscal 2006, while the number of systems with tested contingency plans increased by 1,911 to 8,144, according to OMB’s fiscal 2006 report to Congress on the implementation of the Federal Information Security Management Act.
It said OMB would work with agencies to focus management attention on accurate and up-to-date system inventories, security configurations, contingency plans, and contractor oversight, as well as agency certification and accreditation and “plan of action and milestone” processes.
Other areas OMB said require additional focus include agency determination and assignment of risk impact levels, privacy training for federal employees and contractors, and oversight coordination between agencies and IGs.
OMB also said the administration would focus on the implementation of the Information Systems Security Line of Business initiative to establish shared service centers for security training and FISMA reporting.