The Department of Homeland Security, which is charged with setting the government’s cyber security agenda, earned a grade of F for the third straight year from the House Government Reform Committee. Other agencies whose failing marks went unchanged from 2004 include the departments of Agriculture, Defense, Energy, State, Health and Human Services, Transportation, and Veterans Affairs…
The scores are “unacceptably low,” committee Chairman Tom Davis (R-Va.) said in a statement. “DHS must have its house in order and should become a security leader among agencies. What’s holding them up?”
The story questions whether the Federal Information Security Management Act (FISMA) compliance process on cybersecurity is actually effective. An official from the SANS Institute notes that agencies spend so much time and energy documenting their compliance with FISMA that they have scant resources left over to actually implement cybersecurity improvements. This is an issue that GovExec also raised in a story a few weeks ago.
Tom Davis is holding a hearing on these grades tomorrow morning. Look for additional information on agency FISMA compliance to be available at that time.