Agencies will soon receive grades for their progress in information security.

Congressional representatives plan to release a report card next week, grading agencies on their work under the Federal Information Security Management Act (FISMA) of 2002, which strengthened congressional oversight of security matters.

The report card is intended to raise the visibility of the need for strong information security, said FISMA's author, Rep. Tom Davis (R-Va.).

"Many times in government do we come out with another mandate and no funding to do it? How do you prioritize?" said Davis, chairman of the House Government Reform Committee, speaking at an event sponsored by the Potomac Forum Ltd. and ICG Government. "This has not risen to the level of attention that's needed from senior management."

Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee, has been spearheading this effort and will release the report card, Davis said. Typical weaknesses include a lack of risk assessments, contingency plans, and complete certification and accreditation, as well as a failure to fix shortfalls found under FISMA's predecessor, the Government Information Security Reform Act of 2000, he said.

[ Read more ]