Cybersecurity officials turn tables on congressional graders
Federal computer security executives, who have been given an overall grade of D+ from a congressional committee for their efforts to secure information technology systems, have returned the favor with tough grades of their own for the rating process.
Each year, the House Government Reform Committee issues grades on agencies' compliance with the 2002 Federal Information Security Management Act. The grades are based on information reported by each agency and federal inspectors general to Congress and the Office of Management and Budget.
The 2004 grades found some improvement from 2003, but seven agencies, including the departments of Homeland Security and Energy, received Fs.
A survey of a quarter of agencies' chief information security officers conducted by Telos Corp. found that 36 percent gave the congressional grading process a C, and that a large majority do not believe there is any relationship between the cybersecurity report card and security funding. Another 23 percent of CISOs gave the report card a B. Fourteen percent of cybersecurity chiefs gave the report card either an A or F.
Sixty percent of CISOs said they found the report card process helpful in providing insight into their department's information technology security. But they also said that clarifying FISMA guidelines would go a long way in improving the value of the process.
Karen Evans, OMB's administrator for electronic government, said the agency is drafting updated FISMA guidance for fiscal 2005 and agency chief information officers will be able to comment prior to its publication.
Drew Crockett, a spokesman for House Government Reform Committee Chairman Tom Davis, R-Va., said in a statement that the committee was pleased to get the perspectives of the CISOs.
"Ultimately, we want to ensure that FISMA compliance does not become a paperwork exercise where agencies comply with the letter, but not the spirit, of the law," Crockett said. "We don't want them filling out forms to simply fill out forms."