AKIBIA'S PRACTICAL GUIDE TO ENTERPRISE TECHNOLOGY

Tuesday, May 03, 2011

Federal FISMA Compliance Rated “Poor”

Last year responsibility for ensuring compliance with FISMA was turned over to the Department of Homeland Security. The Office of Management and Budget’s report for FY2010 finds that government agencies aren’t doing so well with compliance to FISMA.

 In fact, OMB’s annual report on implementation of the Federal Information Security Management Act of 2002 found federal compliance with information security guidelines to be poor.

“Only one agency received a compliance score of 100 percent for its information security program which, based on its IG's review, met all 62 attributes,” the report states. “The remaining agencies had at least one area that needed improvement. Three agencies did not have a cyber-security program in place for one security area, and one agency did not have a program in place for two security areas.”

Then you read an article where Secretary Janet Napolitano outlines DHS cyber-security focus and you see statements like: “we also must assist the private sector in securing itself”.  Interesting. Shouldn’t they be focusing on governmental FISMA shortcomings before expanding to the private sector?

What does this mean for private companies in the future in terms of new regulations? I’m starting to wonder, should we be afraid when we hear “we’re from the government and we’re here to help”?
 

Dennis is Product Champion of Compliance & Risk at Akibia.

LABELS:

Dennis Thrift,

Compliance,

FISMA

Post a Comment

BLOG ARCHIVE

• 2012 (2)
  • April (2)
    • Data leakage concerns for sensitive information in files and using mechanisms such as classification
    • SecureWorld Boston 2012 – Security of Mobile Devices
• 2011 (29)
  • December (1)
    • Is Employee Cybershopping Threatening Your Company's Security?
  • October (1)
    • Plans are nothing; planning is everything
  • September (1)
    • Has it really come down to a bag of chips?
  • August (6)
    • Modernization is The Key
    • VRM (Vendor Relationship Management)
    • The Double Dip Recession is Coming!
    • Security Faux Pas
    • Too Extreme? I don’t think so. Tying security to compensation.
    • Unique Requirements for Exchange 2010 Based Messaging Platform and Dependencies
  • July (2)
    • Configuration Management with System Center
    • Keep living in a fantasy world…
  • June (7)
    • The Softer Side of Information Security…
    • The Black Hats Get It. Do you?
    • More from midTECH
    • midTECH IT Summit
    • Advances and Limitations of Windows DHCP/DNS Services
    • Choosing the Right Consultant
    • Don't Panic Yet
  • May (3)
    • Citrix Synergy 2011
    • Citrix Summit 2011 - Day 1
    • Federal FISMA Compliance Rated "Poor"
  • April (1)
    • First Time Offshoring?
  • March (3)
    • AFCOM Data Center World - Day 2
    • AFCOM Data Center World - Day 1
    • RSA SecurID Breach: Are Your Tokens Safe?
  • February (1)
    • You can outsource the work, but not the responsibility
  • January (3)
    • P3 Cubed: Focus on the Basics Part III
    • P3 Cubed: Focus on the Basics Part II
    • P3 Cubed: Focus on the Basics
• 2010 (19)
  • December (1)
    • The Next Generation of Smartphones in the Enterprise
  • October (1)
    • How to Ensure a Successful Monitoring Implementation
  • September (2)
    • Too Many Requirements; How One VP of IT Handles It
    • The Missing Link
  • August (2)
    • Informationweek Survey of Sun Customers - Demonstrably Worse Service
    • The Death of Information Security
  • July (1)
    • Moving to Larger Mailbox Sizes with Exchange 2010
  • June (3)
    • Top 10 Features in Exchange 2010 for Users
    • Low Risk Support Alternatives for Cisco End of Life Equipment
    • Health Providers Beware of the New HITECH Act
  • May (1)
    • Compliance and Security Go Hand in Hand – How to Achieve Both
  • April (2)
    • A Boston Globe Article Ignites a Password Controversy - Why We Need Them, How to Make Them Effective
    • Reviewing Oracle's Changes - Has the Sun Set on Sun Systems?
  • March (2)
    • New Requirement - New Fire Drill?
    • Why HP is Worried about TPM's
  • February (1)
    • Has the Sun Set on Flexible Support Options?
  • January (3)
    • You Inherited Your Cisco Infrastructure, But Do You Know Why You are Still Buying It?
    • Your Workers are Surfing While Snacking on a Big Mac - Time to Revisit Managing Your End-Point.
    • Ensuring Security in the Virtualized Environment
• 2009 (34)
  • December (1)
    • Monitoring Via the Cloud
  • November (2)
    • Sun Makes More Changes Amid Uncertainty
    • Sky High Cloud Chatter
  • October (2)
    • Improving Vulnerability and Patch Management
    • A Couple Quick and Easy Green IT Steps
  • September (3)
    • Don’t Put off Until Tomorrow…
    • Boston's Missing Email Case Has Many People Asking Questions about Digital Forensics
    • IT Needs Turbo Compliance
  • August (3)
    • Take Full Advantage of System Monitoring
    • Implement, educate and enforce strict Social Media usage policies – in that order
    • Preparing for a Return to Growth? It’s Not Too Soon to Make Process Improvements
  • July (2)
    • Death by A Thousand Processes: Getting Compliance Right Requires a Change in Thinking
    • Wrest Control of Your Data Center Back From the OEM
  • June (3)
    • Getting Ready for Cloud Computing
    • A Letter to Ralph Szygenda, the CIO of General Motors
    • Lax Web Site Security: The Site Owner's Responsibility
  • May (3)
    • The Checklist Approach to IT Security is Failing You
    • Financial Strength of Your Vendors…Show Me the Money!
    • PCI DSS v1.2 and its Requirement from WEP to WPA Wireless Encryption
  • April (4)
    • The Near-Term Impact of Oracle Buying Sun
    • On the Path to the Cloud... Walk Before You Run
    • CIOs Need to Manage Up, Broadcast Successes
    • Consolidate Support Vendors?
  • March (4)
    • A Potential Sun Acquisition - Impact on Service
    • April 14 is Decision Day for Those Running Microsoft Exchange 2003
    • HIPAA Revitalized in 2009 and Beyond
    • Ten Steps for the Mass Data Security Law
  • February (7)
    • Tightening Budgets and Their Impact on IT Security
    • Recent Breaches Remind us to Focus on Security
    • The Training You Need Vs. The Training You Receive
    • Emphasizing Virtualization Security
    • DNS Audits: A Practical Guide
    • Practical Green IT
    • "Practical Use" Fills the Gap Between Idea and Implementation

BLOGS WE LIKE

• CIO - Blogs and Discussion - Best Practices
• InformationWeek’s Global CIO Weblog