''Is FISMA Making the Grade?'' Chief Information Security Officer Survey Says Federal Computer Security Grades Improving, but Challenges with Report Card Process Persist
Welcome to TMCnet.com
TMC Launches New Web Sites: Cable WiMAX   |    ITEXPO West begins in:   Register Now!
Columnists:
...more
E-mail this page to a friend Order reprints online Print this page Bookmark this page Free magazines Free newsletters RSS-XML alerts
Digg this article!

[April 12, 2007]

''Is FISMA Making the Grade?'' Chief Information Security Officer Survey Says Federal Computer Security Grades Improving, but Challenges with Report Card Process Persist

WASHINGTON --(Business Wire)-- The Merlin International Federal Research Consortium (MFRC), a group of leading Information Assurance solution providers, today announced the availability of its new report, "Is FISMA Making the Grade?" Based on a survey of Federal Chief Information Security Officers (CISOs), the study reveals that CISOs report their Federal Computer Security Report Card grades for 2007 have improved over 2006, but challenges persist with the process.



Despite progress, CISOs still struggle with language ambiguities related to the Federal Information Security Management Act (FISMA) guidelines, according to the study. In addition, CISOs from large and small agencies hold divergent opinions on the value of the Report Card process. The full report is available for download at http://www.merlin-intl.com/IAstudy.asp.

Report Card Grades Improving, Information More Secure



The MFRC study, based on a March 2007 survey of Federal CISOs, reveals that 75 percent of CISOs state their agency's Federal Computer Security Report Card grade improved in 2007. A majority of Federal CISOs identify streamlining certification and authentication (C&A) efforts as the primary factor promoting higher grades.

In line with Report Card grades, 75 percent of CISOs say that their IT security environment has "improved" or "significantly improved" since the House of Representatives' Oversight and Government Reform Committee released the 2006 Report Card. Looking forward, the report identifies increased auditing and authorization efforts as a key trend for 2007. Eighty three percent of Federal CISOs plan to increase IT audit trails and authorization efforts during the next year.

Large-Agency CISOs Give Report Card Higher Grades

CISOs from large agencies (more than 10,000 employees) have higher confidence in the Report Card's accuracy than their counterparts at smaller agencies. Sixty percent of CISOs from large agencies say the Report Card provides real insight into their agency's IT security; however, just 36 percent of CISOs from small agencies concur.

The findings suggest that the Report Card is not one size fits all, and that small agencies face different IT security challenges than their larger counterparts. Based on the CISO feedback, the current Report Card process does not take these differences into account. The study recommends considering a separate Report Card for small agencies.

Report Card-Funding Disconnect and Guidance Ambiguities Challenge CISOs

Federal CISOs identified ambiguities in FISMA language requirements as a continued challenge, negatively impacting Report Card grades.

In addition, the report sheds light on two persistent problems with the Federal Computer Security Report Card process and highlights the need to establish a more linear connection between an agency's IT security performance and the associated funding the agency receives.

First, Report Card grades have a questionable impact on an agency's IT security funding - 75 percent of respondents say they found little correlation between their agency's FISMA grade and their agency's IT security funding.

Second, Federal IT security professionals believe the Report Card grades have a negligible bearing on overall IT funding - 79 percent of CISOs say they have found no link between their agency's FISMA grades and their agency's overall IT budget.

"By shining a light on the government's IT security environment, the Federal Computer Security Report Card empowers CISOs to continuously evaluate and improve security for their agency's information assets," said John Trauth, executive vice president of Federal government systems at Merlin International. "That said, the Report Card process needs continuous improvement. Our report recommends several next steps, including modifications for small versus large agencies, and a continued effort to clarify requirements language."

About the Federal Computer Security Report Card

Largely based on security evaluations defined in the 2002 FISMA regulations, the House of Representatives' Committee on Oversight and Government Reform issues the Federal Computer Security Report Card annually. The Office of Management and Budget administers the initial FISMA evaluations.

About the "Is FISMA Making the Grade?" Report

The report, commissioned by the Merlin International Federal Research Consortium, is based on a survey of 30 out of a total of 117 CISOs conducted in March 2007. The full study is available for download at http://www.merlin-intl.com/IAstudy.asp.

About the Merlin International Federal Research Consortium

The Merlin International Federal Research Consortium is a group of leading Information Assurance solution providers committed to bringing insightful and timely market intelligence and best practices information to the Federal IT marketplace. Through research, education, and training the coalition works to empower government agencies to optimize their IT security environments. Members of the Merlin International Federal Research Consortium include BMC Software, F5 Networks, Layer 7 Technologies, Liquid Machines, Merlin International, NetApp, and Secure Elements.

[ Back To TMCnet.com's Homepage ]

Digg this article!
Discussions:
Be the first to post a comment on this page!
 
By  
TMCnet
+ Add to the Discussion

Video: Tech Test: Polaroid PoGo Pocketable, Practical

Polaroid is abandoning instant film, but if you're going to miss the feel of getting a small print in your hand a minute after shooting, the company has a solution: a battery-powered printer that fits in your pocket. (June 19)

Video: List of most fuel-efficient cars released

Consumer Reports has just come out with a listing of the best fuel-efficient vehicles on the road. It's based on the price paid divided by overall miles per gallon.

Video: Samsung Battles Apple's iPhone

Samsung to battle Apple's iPhone with Omnia Touchscreen Mobile; Samsung's Omnia will be commercially launched in Southeast Asia; Samsung and Nokia took global market share from Motorola last quarter; Analysis by Youngcho Chi, Samsung Electronics Senior VP

Featured White Papers  |  Featured White Papers from White Paper Library, research using the library of white papers for the latest white papers
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
----------------
Top Stories   |   Top Stories
---------------------------
---------------------------
---------------------------
---------------------------
---------------------------


Related VoIP News   |   Latest News

E-mail this page to a friend Order reprints online Print this page Bookmark this page Free magazines Free newsletters RSS-XML alerts
  2008 TMC Labs Innovation Award Winners Announced Presented By INTERNET TELEPHONY Magazine
  White Paper Library Re-Launched On TMCnet
  Introducing the 2008 IPTV Excellence Award Presented by INTERNET TELEPHONY Magazine
  TMCnet Welcomes New Columnist Peter Brockmann
  INTERNET TELEPHONY Conference & EXPO West 2008 Exhibit Hall Nearing Capacity for Fall Event
  Customer Interaction Solutions Announces 2008 IP Contact Center Technology Pioneer Award Winners
  Customer Interaction Solutions Magazine Names Brendan B. Read Senior Contributing Editor
  TMC Schedules Internet Telephony Conference & Expo West 2008
  PIKA Technologies Launches Telephony Hardware Community on TMCnet
  Announcing the 2007 Product of the Year Award Winners Presented by Communications Solutions
  Last Call for Speech Technology Excellence Award Entries
  TMC Schedules Internet Telephony Conference & Expo West 2008
  TMCnet Welcomes New Columnist Matt Bancroft
  TMC Launches WiMAXtoday.TMCnet.com