The Office of Management and Budget has given agencies a clean bill of health on security. Well, a qualified clean bill of health.
A report on the state of government security is sent to Congress every year. The 2004 Federal Information Security Management Act report has just been sent to Congress.
77% of 8,623 systems have been certified and accredited as safe. Organisations also have to test their management, operational and technical controls. 76% of applications had been so tested.
The requirement to test both the security and the controls within systems mirrors the requirements of the private-sector Sarbanes-Oxley Act.
However, these figures are below the 80% target, and certainly below a new standard of 90% applicable from September 30th.
“The federal government has made significant progress in identifying and addressing its security weaknesses,” OMB said in the report. “However, uneven implementation of security measures across the federal government leaves vulnerabilities to be corrected.”
Areas where agencies fall down include agency-wide plans of action, milestones and process improvement.
Surprisingly, the Department of Homeland Security stands out as not having a plan of action and milestones. Defense and health also had neither.