The annual release of cybersecurity grades is helping to improve U.S. government security, but the law the grades are based on needs to be more specific, U.S. agency chief information security officers (CISOs) said in a survey.
Sixty-seven percent of CISOs surveyed said they believe their agency's IT security has improved since their Federal Information Security Management Act (FISMA) grades were released a year ago. The CISO survey was part of the report published by the Merlin International Federal Research Consortium, representing a group of IT security vendors.
On Thursday, Rep. Tom Davis, a Virginia Republican, released the 2006 FISMA scores, with eight of 24 agencies getting A-minus grades or better. Eight agencies, including the Department of Defense, the Department of State, and the Department of the Treasury, received F grades. FISMA, passed by Congress in 2002, requires agencies to take several actions, including conducting inventories of their IT equipment.
Although federal CISOs acknowledged that their agencies' cybersecurity has improved under FISMA, 46 percent of those surveyed said FISMA could be improved by clearer guidelines. Another 42 percent said FISMA could provide better guidance for yearly security controls tests. Only 54 percent of respondents said FISMA reporting provides real insight into their agency's IT security.
"High-level policies are nice -- to say, 'thou shalt be more secure,'" said Mark Zalubas, CTO at Merlin International, a consulting firm associated with the consortium. "It's better when you provide specific language about how far you need to go."
Ambiguity in FISMA language requirements and funding issues were the two top reasons CISOs gave for decreases in FISMA grades this year, although 75 percent of those surveyed said their FISMA scores improved. Five of the agencies saw declines in their final letter-grade scores, released by Davis.
The funding issue isn't an easy one to fix, Zalubas said. "That's one you struggle with all the time," he added. "Do you give additional funding to folks who are doing poorly?"
Davis and Karen Evans, administrator of e-government and information technology in the White House Office of Management and Budget (OMB), both defended FISMA at a Thursday press conference. FISMA is a tool that helps agencies move forward on cybersecurity, Evans said.
"We want to get beyond the metrics," Evans said. "What we really want to do is make these results real. We want to make sure [agencies] are protecting the information they're gathering on behalf of the citizens."
The U.S. government is making progress toward specific goals, said Ned Miller, president and CEO of Secure Elements, another member of the Merlin consortium. Late last month, OMB issued guidelines for security configurations of the Windows XP and Vista operating systems, and the National Institute of Standards and Technology is working on security checklists that agencies can use, he said.
"What we're seeing is OMB taking a very proactive role," Miller said.