OMB: Agencies improve IT security, but many are short of goals

Agency IT security has shown marked improvement over the last three years, but too many departments still are falling short in meeting the goals of the Federal Information Security Management Act, the Office of Management and Budget said today in its annual report (PDF) to Congress.

After reviewing almost 8,000 systems, OMB found that 62 percent have been certified and accredited by the agency’s inspector general or a private-sector third party. This was short of OMB’s goal of certifying 80 percent by Dec. 31, 2003.

And because of these shortfalls, OMB is requiring agencies to fix the problems before spending any money on development, enhancement or modernization projects in fiscal 2004 (Click for GCN story).

OMB also found half of all major agencies do not have a security remediation process verified by their IGs. This was again short of OMB’s goal of all 24 agencies having a confirmed process to identify, track and correct weaknesses.

Additionally, agencies fell short of OMB’s third goal for fiscal 2003—integrating security into the lifecycle of at least 80 percent of all IT systems. OMB said 78 percent of all agencies met this requirement.

There was some good news: The government improved in all seven categories OMB evaluates.

  • 78 percent of all systems have been assessed for risk and assigned a risk level, up from 65 percent in 2002.


  • 73 percent of all systems have up-to-date IT security plans, an increase of 11 percent over last year.


  • 68 percent of all systems have contingency plans, up from 55 percent last year.


  • This year, OMB wants agencies to improve their incident prevention and management capabilities by increasing their emphasis on reducing the impact of worms and viruses, the report said.

    The Commerce Department, NASA, the National Science Foundation, the Nuclear Regulatory Commission, the Office of Personnel Management and the Social Security Administration were the among the agency leaders, reporting at least 79 percent of all systems meeting the requirements in all seven categories.

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.

    Featured

    • FCW PERSPECTIVES
      sensor network (agsandrew/Shutterstock.com)

      Are agencies really ready for EIS?

      The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

    • People
      Dave Powner, GAO

      Dave Powner audits the state of federal IT

      The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

    • FCW Illustration.  Original Images: Shutterstock, Airbnb

      Should federal contracting be more like Airbnb?

      Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

    Stay Connected

    FCW Update

    Sign up for our newsletter.

    I agree to this site's Privacy Policy.