The Office of Management and Budget has given agencies a clean bill of health on security. Well, a qualified clean bill of health.

A report is sent to Congress every year with the state of government security. The 2004 Federal Information Security Management Act report has just been sent to Congress.

77% of 8,623 systems have been certified and accreditied as safe. Organisations also have to test their management, operational and technical controls. 76% of applications had been so tested.

The requirement to both test the security but also the controls within systems mirrors the requirements of the private sector Sarbanes-Oxley ad.

However these figures are below the 80% target, and certainly below a new standard of 90% applicable from September 30th.

“The federal government has made significant progress in identifying and addressing its security weaknesses,” OMB said in the report. “However, uneven implementation of security measures across the federal government leaves vulnerabilities to be corrected.”

Areas that agencies fall down on include:- agency wide plans of action, milestones and process improvement.

Surprisingly the Department of Homeland Security stands out as not having a plan of action and milestones. Defense and health also had neither.

Related Articles
Archer and Transport Contract
Dept of Justice Contract for Archer
Rumsfeld Attacked Over Private Identity