The U.S. Government received a “D-plus” grade overall on the House Government Reform Committee’s 2004 information security report card, based on requirements set out in the Federal Information Security Management Act (FISMA). Seven government agencies, including the Department of Homeland Security, flunked the congressional oversight committee’s annual IT security assessment.
“The government continues to expand its e-government initiatives and search for more ways to leverage its information technology,” Representative Tom Davis (R-Va.), chairman of the committee, told CertMag EXTRA. “Therefore, information security is more important now than ever. Given the interconnectivity of systems across cyberspace, all it takes is one weak link to break the chain. The vulnerabilities of our systems are significant, and the potential damage that can be done is almost unspeakable. That’s why I drafted the Federal Information Security Management Act (FISMA) of 2002, to require agencies to protect themselves against this ever-changing scope of cyber threats.”
According to Davis, FISMA requires each federal agency to establish a comprehensive, risk-based approach to information security management across each department. This includes risk assessments, risk management policies, security awareness training and periodic reviews. FISMA also compels agency heads and inspectors general (IG) to evaluate their computer security programs and report the results of those evaluations to the Office of Management and Budget (OMB) in September of each year along with their budget submissions. In addition, FISMA requires agency heads to report the results of those evaluations annually to Congress and the Government Accountability Office. The House…