Agencies to get security scores

Agencies will soon receive grades for their progress in information security.

Congressional representatives plan to release a report card next week, grading agencies on their work under the Federal Information Security Management Act (FISMA) of 2002, which strengthened congressional oversight of security matters.

The report card is intended to raise the visibility of the need for strong information security, said FISMA's author, Rep. Tom Davis (R-Va.).

"Many times in government do we come out with another mandate and no funding to do it? How do you prioritize?" said Davis, chairman of the House Government Reform Committee, speaking at an event sponsored by the Potomac Forum Ltd. and ICG Government. "This has not risen to the level of attention that's needed from senior management."

Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee, has been spearheading this effort and will release the report card, Davis said. Typical weaknesses include a lack of risk assessments, contingency plans, and complete certification and accreditation, as well as a failure to fix shortfalls found under FISMA's predecessor, the Government Information Security Reform Act of 2000, he said.

"I think there's going to be some surprises in it," Davis said of the report card. "Some agencies you'd expect to be out on top of this thing haven't met it."

Information security will garner attention if there is a massive cyberattack that could compromise the economy or homeland security, he said. The idea behind FISMA and the report card is to be proactive in security management.

"If we continue the way we're going, sooner or later we're going to have a major incident," he said. "We're trying to stay ahead of the curve."

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.