Cybersecurity report reveals weaknesses.
For the fifth straight year, at least half of all U.S. federal agencies received a grade of "D" or worse on the House Government Reform Committee's annual report.
According to The Washington Post, the Department of Homeland Security led a list of seven agencies that received failing grades for their cybersecurity efforts in 2004, with the federal government earning an overall grade of "D+" from the congressional oversight committee.
The committee based the grades on internal agency assessments and data that agencies are required to submit annually to the White House Office of Management and Budget. Grades depended on how well agencies met the requirements set out in the Federal Information Security Management Act (FISMA), which requires them to meet certain computer security standards.
Agencies that received failing marks include the departments of Agriculture, Commerce, Energy, Health and Human Services, Housing and Urban Development, and Veterans Affairs. The departments of Defense and Treasury, as well as the National Aeronautics and Space Administration and the Small Business Administration, received a "D."
The good news is that 2004's overall grade of "D+" is up slightly from the "D" and "F" grades Uncle Sam earned on the 2002 report card. Ten agencies improved their scores over 2003, but eight actually earned lower scores for 2004.
One explanation for the underachievement, says Dennis Heretick, the Justice Department's chief information security officer, is that agencies were required to meet new standards last year that were not evaluated in past report cards, such as determining how frequently agencies applied software patches to known computer security flaws.
Publication: Information Management Journal
Article Type: Brief Article
Date: May 1, 2005