Poor grades can mask progress in complex IT environments, such as DHS

The Homeland Security Department has received an F on the last two computer security report cards issued by the House Government Reform Committee, prompting chairman Tom Davis (R-Va.) to warn that “DHS needs to get its house in order.”

Outgoing CIO Steven I. Cooper gave the committee a frank assessment of the department’s cybersecurity road map for the coming year.

“I’m hoping we’ll get to a D for 2005,” he said.

It’s not that the department is not making progress, Cooper said. Some 2,500 IT systems have been certified and accredited, and a tangle of legacy systems is being consolidated and reorganized.

But the scale used by the committee to grade compliance with the Federal Information Security Management Act masks much of that progress, Cooper said.

“We have inherited a huge amount from our legacy environment,” he said. “We have more than 3,600 systems.”

That means DHS lost 10 points because only 68 percent of systems had gone through certification and accreditation (C&A), even though the systems that have been through it include many of the department’s most critical ones.

The grading scale also includes 20 possible points for establishing detailed security configurations for a lengthy list of specific software platforms.

“We have everything on the list,” Cooper said. Because the department plans to retire many of those platforms in its consolidation, it is focusing on configuration management for only those systems it plans to keep. For that, Cooper said, he expects to lose many of those 20 possible points.

These losses and high thresholds in other areas make it unlikely DHS will rise above the 66 points needed to achieve a D for next year. Cooper said the department’s performance would make more visible improvement in 2006 as it completes the C&A process and meets other thresholds.
