Resources for Federal Information Security Management Act (FISMA)

House revisits FISMA

www.gcn.com

The Office of Management and Budget reports that as of last year agency compliance with the Federal Information Security Management Act (FISMA) had significantly improved. In 2007, 92 percent of information systems were certified and accredited, 86 percent of agencies had a tested contingency plan, and 95 percent had tested security controls.

Unfortunately, FISMA compliance is not necessarily a good measure of information technology security, a panel of witnesses told a Senate subcommittee March 12. There are no consistent assessments of the effectiveness of the controls being put into place, and practical examples of weaknesses, such as system penetrations and data loss, continue to crop up.

“Despite reported progress, 20 of 24 agencies continue to experience information security control deficiencies,” said Gregory Wilshusen, director of information security issues at the Government Accountability Office.

Sen. Thomas R. Carper (D-Del.), chairman of the Homeland Security and Government Affairs Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, cited a litany of security breaches, including data losses by agencies and the apparent systematic probing of federal IT systems by China. He called the weaknesses “simply unacceptable.”

View the Resource

Share or bookmarklet this web page at: