Federal Agencies Lag in Security Preparedness

When it comes to ensuring compliance with information security rules or best practices, a substantial minority of federal agencies still aren't making the cut.

That's the conclusion of the "Seventh Report Card on Computer Security at Federal Departments and Agencies," the latest edition of an annual report prepared by the House Oversight and Government Reform Committee.

The 2007 agency "report card" gives nine out of 24 federal agencies -- including, crucially, the Department of Defense, the Department of the Treasury, the Department of the Interior, and the Nuclear Regulatory Commission -- failing grades for their abilities to secure data.

Federal agencies as a whole received a "C" (up from a "C-" in 2006).

Rep. Tom Davis (R-Va.) takes a glum view of the report's findings. "We need to do more to bring consistency to the [information governance] community regarding standards and review," Davis said in a prepared release. "We need to seriously consider incentives for agency success and funding penalties and personnel reforms for agencies that don't measure up. We need a bill with teeth, and we need agencies to understand the goal is to keep information safe, not to check a statutory box."

The report assesses federal agencies on the basis of annual information security testing; security plans of action, milestones or corrective-action measures; whether their systems are certified and accredited as "secure"; security configuration management; their ability to detect and quickly react to security breaches; the existence and effectiveness of their security training programs; and the overall accuracy of their inventories.

Only two departments -- the U.S. Agency for International Development (USAID) and the National Science Foundation (NSF) -- received "A+" grades in both 2006 and 2007. Both the Department of Justice and the Environmental Protection Agency slipped from "A+" grades in 2006 to a more sobering "A-." The Social Security Administration received "A" grades in both 2006 and 2007, while three departments -- Housing and Urban Development, the Office of Personnel Management and the General Services Administration -- improved their 2006 showings to achieve "A" or better grades in 2007.

In addition to traditional metrics, the newest agency report card takes several additional factors into account, including each agency's financial statements for fiscal year 2007. It's for this reason that USAID, the NSF and the Social Security Administration (SSA) were all commended for what the report's authors call their "sterling" financials. Similarly, both HUD and the DOJ received low-confidence "A"s because of their "weaker" financial results.

Interestingly, a number of agencies (including the Department of Energy, the Department of Homeland Security, NASA and the Department of Education) slipped drastically, notching "D" or lower grades.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.
