Seven of 24 meet security requirements

A recent audit of 24 of the largest federal agencies found only seven agencies in compliance with a law requiring that they certify and accredit their information systems' security.

The audit report released this week by the Government Accountability Office prompted Rep. Adam Putnam (R-Fla.) to issue a statement chastising federal agencies for not complying with security policies and guidelines issued by Office of Management and Budget officials.

Among the 24 agencies reviewed by GAO auditors, six reported having fewer than half of their information systems accredited and certified. Two agencies, the Agriculture and Housing and Urban Development departments, have no accredited and certified systems.

The best performers were the Social Security Administration and the Nuclear Regulatory Commission, which reported having 100 percent of their critical information systems certified and accredited to operate.

Officials at 18 of the agencies surveyed said they struggled to find funds to enact the mandatory certifications.

The review looked at agencies' certification and accreditation procedures to determine whether they provided consistent and comparable results. It also looked at whether the certification procedures provide sufficient information for senior agency officials to understand the risks of operating those systems.

GAO's analysis found inconsistencies in the way agencies report certification and accreditation data, which lessened the usefulness of the data. Auditors further questioned the reliability and quality of the data.

The auditors reviewed end-of-year data reported to OMB officials in fiscal 2002 and 2003, in addition to quarterly data submitted to the agency in March. Most of the systems covered in the review were not national security systems.

The audit report recommends that OMB officials amend their reporting guidelines to require agencies to submit additional information on the quality and consistency of their certification and accreditation data.

In addition, it recommends that agency inspectors general examine the quality of agency-reported certification data as part of independent security evaluations that IGs are required to perform under the Federal Information Security Management Act of 2002.

Putnam, who is head of the House subcommittee that oversees federal information technology policies, expressed his disappointment with the report's findings. "The current information security threat environment that exists in the world today demands that the federal government lead by example," he said.

