Network World

Survey: Gov't CISOs say FISMA can be improved

By Grant Gross , IDG News Service , 04/13/2007

The annual release of cybersecurity grades is helping to improve U.S. government security, but the law the grades are based on needs to be more specific, U.S. agency chief information security officers said in a survey.

Sixty-seven percent of CISOs surveyed said they believe their agency's IT security has improved since their Federal Information Security Management Act (FISMA) grades were released a year ago. The CISO survey was part of the report, Is FISMA Making the Grade, published by the Merlin International Federal Research Consortium, representing a group of IT security vendors.

On Thursday, Representative Tom Davis, a Virginia Republican, released the 2006 FISMA scores, with eight of 24 agencies getting A minus grades or better. Eight agencies, including the Department of Defense, the Department of State and the Department of the Treasury, received F grades. FISMA, passed by Congress in 2002, requires agencies to take several actions, including conducting inventories of their IT equipment.

Although federal CISOs acknowledged that their agencies' cybersecurity has improved under FISMA, 46 percent of those surveyed said FISMA could be improved by clearer guidelines. Another 42 percent said FISMA could provide better guidance for yearly security controls tests. Only 54 percent of respondents said FISMA reporting provides real insight into their agency's IT security.

"High-level policies are nice -- to say, 'thou shalt be more secure,'" said Mark Zalubas, chief technology officer at Merlin International, a consulting firm associated with the consortium. "It's better when you provide specific language about how far you need to go."

Ambiguity in FISMA's language and requirements, and funding issues, were the two top reasons CISOs gave for decreases in FISMA grades this year, although 75 percent of those surveyed said their FISMA scores improved. Five of the agencies saw declines in their final letter-grade scores, released by Davis.

The funding issue isn't an easy one to fix, Zalubas said. "That's one you struggle with all the time," he added. "Do you give additional funding to folks who are doing poorly?"

Davis and Karen Evans, administrator of e-government and information technology in the White House Office of Management and Budget (OMB), both defended FISMA at a Thursday press conference. FISMA is a tool that helps agencies move forward on cybersecurity, Evans said.
