US Government Agencies Have Higher Security Levels
Although US government agencies fall short when it comes to protecting private data, apparently their level of security has been improved throughout 2007 according to their compliance analysis to the Federal Information Security Management Act (FISMA) of 2002. This is the core finding of a report recently issued by the Office of Management and Budget and quoted by ScurityFocus.
The Inspectors General for 22 of the 25 agencies required to comply with FISMA inventoried at least 80 percent of their systems in 2007, compared with 20 agencies that had reached that milestone in 2006. While an improvement over the previous year, only two-thirds of the IGs claimed that their auditing processes were rated “satisfactory” or better.
The increased awareness of their systems have also caused the agencies to report more attacks, the report stated. In 2007, incidents reported to the US Computer Emergency Readiness Team (US-CERT) jumped to 12,986, an increase of 150 percent over the previous year. While nearly a third of the incidents were alarms created by the US-CERT’s EINSTEIN network monitoring system and remain uncategorized, about a quarter were classified as improper usage and about 15 percent classified as unauthorized access, according to the OMB report.
OMB identified the four stars of the compliance efforts as being the National Aeronautics and Space Administration (NASA) and the Departments of State, Treasury and Defense, all doing a great job at complying to FISMA. The Department of Defense however did not do that great. It looks like security policies and compliances fall short for this particularly important agency.
