FISMA — the Federal Information Security Management Act — sets the standards and procedures agencies must observe in order to improve their security profiles. Each year, every department and independent agency is given a letter grade based on its implementation of the elements of FISMA.
In fiscal 2005, 85 percent of government systems were certified and accredited, Evans said; this year, 88 percent of the systems received C&A.
This addresses “how much risk to live with,” Evans said. “This identifies risks [and] controls — at the end it makes agencies think about services versus their risks, and senior management has to sign off” on that tradeoff.
In another category, 78 percent of agencies tested their security contingency plans in 2006, up from 60 percent in 2005, Evans said.
And inspectors general at 19 agencies verified and assigned ratings on weaknesses identified in their organizations’ systems, up from 17 agencies the previous year.
The numbers indicate how well government systems are secured, Evans said. “That’s why the combination of those three numbers is important.”
Author(s): Patience Wait
Source: Government Computer News, 02.11.2006