[ISN] OMB: Security improvements needed

From: InfoSec News (isn@private)
Date: Thu Mar 04 2004 - 03:11:22 PST

Next message: InfoSec News: "[ISN] Secunia Weekly Summary - Issue: 2004-10"

Previous message: InfoSec News: "[ISN] My experience as an Election Judge in Baltimore County by Avi Rubin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fcw.com/fcw/articles/2004/0301/web-fisma-03-03-04.asp

By Florence Olsen 
March 3, 2004

The federal government is moving in the right direction on information 
security, but progress in many areas remains slow, according a report 
that Office of Management and Budget officials submitted to Congress 
today.

Despite a budget increase of $1.5 billion in fiscal 2003 to pay for 
information security improvements, 24 of the largest federal 
departments and agencies still fell short of security goals that they 
were required to meet by law.

Today's report to Congress reflects the security status of agency 
information systems in September 2003, so some departments might be in 
a better position than that shown in the document released to 
lawmakers. Overall, however, the OMB document shows that all agencies 
have ample room for improvement. 

"While the federal government is heading in the right direction," the 
report states, "additional efforts are still warranted."

Of nearly 8,000 information systems in 24 federal departments and 
agencies, 6,236, or 78 percent, have undergone a risk assessment, a 
key measure that OMB officials use to evaluate the government's 
security practices. The measure showed a 13 percent increase compared 
to last year. OMB noted that many agencies lack contingency plans to 
ensure that their information systems could continue to operate in an 
emergency. 

OMB officials also reported that 5,838, or 73 percent, of the federal 
information systems that were reviewed had up-to-date security plans, 
an 11 percent improvement from a year ago.

The number of information systems that had been approved for operation 
following an extensive certification and accreditation process was 
4,969, or 62 percent, a 14 percent increase.

A total of 5,143, or 64 percent, of the systems had had their security 
controls tested and re-evaluated within the past year, up from 60 
percent the previous year. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Secunia Weekly Summary - Issue: 2004-10"
Previous message: InfoSec News: "[ISN] My experience as an Election Judge in Baltimore County by Avi Rubin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 04 2004 - 05:23:53 PST