The latest FISMA scorecards are out, with the grades for different agencies' efforts in the computer security arena. Amazingly, the overall grade--for all 24 major agencies in the federal government--has moved not a notch. Last year's D+ remains intact. For those who may be new to FISMA Fun, it works more or less like this: the General Accounting Office (GAO) and the Office of Management and Budget (OMB) ask each major agency's Inspector General (IG) to submit an independent report about computer security based on numerous guidelines and scoring criteria.
The IG requests input from each agency's CIO and other in-house security pros, and issues an annual report to the OMB. The GAO and OMB make their overall reports to the Committee on Government Reform, which operates under the auspices of the U.S. House of Representatives. The whole thing came about under the Federal Information Security Management Act (FISMA), which President Bush signed in December 2002. Interestingly, the security reports are submitted at the same time as the agency's budget request.
The link for this article located at Security Pipeline is no longer available.