http://www.washingtontechnology.com/news/1_1/daily_news/29452-1.html By Wilson P. Dizard III Contributing Writer 10/04/06 Homeland Security Department officials cited progress in securing IT systems across the sprawling organization as reflected in an Inspector General Office report issued today. They expressed confidence that their department would receive a passing grade for the first time in next years federal IT security report card. The report forms part of the process that leads to the assignment of a letter grade for IT security. Todays report, for the first time, does not point to DHS performance as a material weakness that would lower the grade. Even as the IG report mentioned significant improvements in IT security, it pointed to specific areas where DHS has much work to do. DHS officials concurred in the auditors evaluation of needed security upgrades and described their planned improvements in an annex to the report. According to the report, Some of the issues that we identified and recommendations made in our FY 2005 report to assist DHS and its components in the implementation of its information program have been addressed. The report cited improvements in developing a comprehensive system inventory and increasing the number of systems that have been certified and accredited. The report tagged five major problems with DHS technology security: * Not all DHS systems have been certified and accredited. * Some of the IT security weaknesses in DHS agencies dont appear in the departments Plan of Action and Milestones. * Data in the departments enterprise management tool, Trusted Agent FISMA, is not complete or current. * System contingency plans have not been tested for all systems and * The departments IT security procedures should be improved. Charles Armstrong, the departments deputy CIO, said in a telephone interview today, Weve made huge progress since 2003. There were components that got their IT ripped apart and glued into ours [when DHS was created]. We still are in the throes of trying to rationalize and get to one IT structure, so to go from [approximately] 20 percent of systems being certified and accredited to 90-plus percent is a really a good feat. Armstrong predicted that This is one year where we look forward to testifying in front of [House Government Reform Committee chairman Rep.] Tom Davis [R-Va.] and telling him our stories of success." Department spokesman Larry Orluskie said in an e-mail message, DHS has a total inventory of 692 DHS IT systems; 589 systems, or 85 percent, were certified and accredited as of Sept. 15, 2006. And, this is the number reported in the department's 2006 [Federal Information Management Security Act] report to OMB. Orluskie added, We anticipate 100 percent [of the systems will be certified and accredited] by the end of calendar year 2006! DHS received an F for its IT security under the FISMA process for 2003, 2004 and 2005, years in which the departments Inspector General highlighted serious material weaknesses in the area. But Orluskie said that the department expects to receive its first passing score when the report cards for 2006 are issued in early 2007. Armstrong assigned much of the credit for the improved performance to chief information security officer Bob West. _________________________________ Donate online for the Ron Santo Walk to Cure Diabetes! http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Thu Oct 05 2006 - 01:46:18 PDT