The Cyber Security Industry Alliance (CSIA) called upon all government agencies to significantly bolster efforts in 2007 to comply with the Federal Information Security Management Act (FISMA) of 2002. The ranking member of the House Committee on Oversight and Government Reform, U.S. Representative Tom Davis, issued the annual FISMA report card yesterday for all Federal government agencies, reporting an average grade of C- for securing computer systems and networks in 2006. Since 2003, the overall average grade for agencies has never exceeded a D+.
"We are somewhat encouraged by the slight improvement over last year's grades, however, there is still a lot of work to be done," said Liz Gasster, acting executive director and general counsel of CSIA. "While FISMA is an important first step in providing heightened information security awareness for agencies, there are not nearly enough consequences for those agencies who fail to comply. CIOs and CISOs must be given more authority to take action to enforce and implement the Act, or security will continue to suffer."
Several grades worth noting from the 2006 report card include:
- Agency for International Development (USAID): A+
- Department of Commerce: F
- Department of Defense (DoD): F
- Department of Homeland Security (DHS): D
- Department of Justice: A-
- Department of Veterans Affairs: No report submitted
- Social Security Administration: A
- Department of State: F
- Department of Treasury: F
Added Gasster, "As part of the release, Congressman Davis announced the intention of reintroducing his legislation from last year, which would strengthen and clarify the important roles that CIOs and CISOs play in government agencies. This bill also expressly required government agencies to notify individuals when sensitive personal information contained in government systems is compromised. CSIA supports this legislation and other efforts that enhance information security employed by the government. In addition, agencies are currently required to report on privacy performance under FISMA, but the grades do not reflect this important data."