http://www.washingtontechnology.com/news/1_1/daily_news/29452-1.html
By Wilson P. Dizard III
Contributing Writer
10/04/06
Homeland Security Department officials cited progress in securing IT
systems across the sprawling organization as reflected in an Inspector
General Office report issued today. They expressed confidence that their
department would receive a passing grade for the first time in next
years federal IT security report card.
The report forms part of the process that leads to the assignment of a
letter grade for IT security. Todays report, for the first time, does
not point to DHS performance as a material weakness that would lower the
grade.
Even as the IG report mentioned significant improvements in IT security,
it pointed to specific areas where DHS has much work to do. DHS
officials concurred in the auditors evaluation of needed security
upgrades and described their planned improvements in an annex to the
report.
According to the report, Some of the issues that we identified and
recommendations made in our FY 2005 report to assist DHS and its
components in the implementation of its information program have been
addressed. The report cited improvements in developing a comprehensive
system inventory and increasing the number of systems that have been
certified and accredited.
The report tagged five major problems with DHS technology security:
* Not all DHS systems have been certified and accredited.
* Some of the IT security weaknesses in DHS agencies dont appear in
the departments Plan of Action and Milestones.
* Data in the departments enterprise management tool, Trusted Agent
FISMA, is not complete or current.
* System contingency plans have not been tested for all systems and
* The departments IT security procedures should be improved.
Charles Armstrong, the departments deputy CIO, said in a telephone
interview today, Weve made huge progress since 2003. There were
components that got their IT ripped apart and glued into ours [when DHS
was created]. We still are in the throes of trying to rationalize and
get to one IT structure, so to go from [approximately] 20 percent of
systems being certified and accredited to 90-plus percent is a really a
good feat.
Armstrong predicted that This is one year where we look forward to
testifying in front of [House Government Reform Committee chairman Rep.]
Tom Davis [R-Va.] and telling him our stories of success."
Department spokesman Larry Orluskie said in an e-mail message, DHS has a
total inventory of 692 DHS IT systems; 589 systems, or 85 percent, were
certified and accredited as of Sept. 15, 2006. And, this is the number
reported in the department's 2006 [Federal Information Management
Security Act] report to OMB. Orluskie added, We anticipate 100 percent
[of the systems will be certified and accredited] by the end of calendar
year 2006!
DHS received an F for its IT security under the FISMA process for 2003,
2004 and 2005, years in which the departments Inspector General
highlighted serious material weaknesses in the area. But Orluskie said
that the department expects to receive its first passing score when the
report cards for 2006 are issued in early 2007.
Armstrong assigned much of the credit for the improved performance to
chief information security officer Bob West.
_________________________________
Donate online for the Ron Santo Walk to Cure Diabetes!
http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Thu Oct 05 2006 - 01:46:18 PDT