The seventh annual Report Card on Computer Security at Federal Departments and Agencies is out, and it looks like the federal government is slowly improving its computer security measures. Issued by the House Committee on Oversight and Government Reform and covering all federal departments and agencies, the report card gives the government as a whole a C-, a very modest improvement from 2005's D+.
At the departmental level, the Department of Homeland Security scored its first passing grade ever. Don't start booking space on the honor roll yet—DHS just squeaked by with a D. Some of the other departments were unable to even muster up a D-, however. The Departments of Defense, Agriculture, Commerce, Interior, and State all recorded Fs as did the Nuclear Regulatory Commission. Veterans Affairs got an incomplete after receiving an F last year.
The DHS managed to improve its score by finally developing a full inventory of its information security apparatus while showing most improvement in some of the other categories, according to the report.
The biggest improvements came from the Department of Housing and Urban Development, which soared to an A+ from a D+, perhaps by copying the homework of the Office of Personnel Management, which scored its second straight perfect grade. The Department of Justice also did much better, going from a D to an A-. Health and Human Services got a B after getting an F last year.
The modest improvement would be encouraging, except for the fact that the State and Defense Departments continue to fail at the task of complying with 2002's Federal Information Security Management Act, while the DHS barely complies. FISMA mandates minimum IT security requirements and appropriate security controls, calls for standards for categorizing IT and related data by mission impact, and provides guidance for certifying and accrediting information systems. The ultimate goal is more secure information systems within the US government, including critical infrastructure.
Commenting on the government's overall C- grade, Rep. Tom Davis (D-VA), the ranking member of the Government Oversight and Reform Committee, said, "This grade indicates slow but steady improvement from past years. Obviously, challenges remain. While there are some excellent signs of progress in this year's report, and that's encouraging, I remain concerned that large agencies like DOD and DHS are still lagging in their compliance."