[iwar] [fc:Feds.To.Receive.Computer.Security.Report.Cards]

From: Fred Cohen (fc@all.net)
Date: 2001-11-08 11:25:27

Next message: Fred Cohen: "[iwar] [fc:Broderbund.offers.NSA.compliant."Complete.Delete"]"
Previous message: Fred Cohen: "[iwar] [fc:Uncle.Sam.Wants.Napster]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-Id: <200111081925.fA8JPR707035@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Thu, 8 Nov 2001 11:25:27 -0800 (PST)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Feds.To.Receive.Computer.Security.Report.Cards]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Feds To Receive Computer Security Report Cards

By Brian Krebs,
Newsbytes.com Staff Writer
Thursday, November 8, 2001; 11:16 AM

A House subcommittee will hand out report cards on Friday to two dozen
federal agencies, grading them on their efforts to protect the government's
most vital computer networks.

The grades are required under the Government Information Security Reform
Act, a law passed in November 2000 that requires federal agencies to asses
and test the security of their non-classified information systems.

Agencies are graded on the results of penetration testing and overall
security of their computer systems, which is analyzed both by agency
inspectors general and auditors from the General Accounting Office (GAO).
The reports are then tied to each agency's budget request submitted to the
Office of Management and Budget (OMB) for the coming fiscal year.

The report cards will be dispersed at a hearing of the House Subcommittee on
Government Efficiency, Financial Management and Intergovernmental Relations,
whose chairman - Rep. Stephen Horn, R-Calif., made a name for himself by
grading government agencies on their Y2K computer readiness in the months
leading up to last year's millennial date rollover.

Whatever grades the 24 agencies earn this year, they could hardly do worse
than the last time around. Last fall, the subcommittee found "serious
weaknesses" at nearly all of the agencies under review, a result that earned
the federal government an overall grade of D-minus for computer security.

While two agencies - the Social Security Administration and the National
Science Foundation - managed to improve computer security practices last
year - the remainder received failing grades.

Among the agencies the GAO flunked last year for lax security policies were
the departments of Agriculture, Health and Human Services (HHS), Interior,
Justice and Labor, as well as the Office of Personnel Management (OPM) and
the Small Business Administration (SBA).

In last year's survey six agencies, including the Departments of Defense,
Veterans Affairs, Treasury, Environmental Protection Agency (EPA), the
General Services Administration (GSA) and the National Aeronautics &amp; Space
Administration (NASA), received a grade of "D" in the GAO's survey.

Reported by Newsbytes.com, http://www.newsbytes.com

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Universal Inkjet Refill Kit $29.95
Refill any ink cartridge for less!
Includes black and color ink.
http://us.click.yahoo.com/1_Y1qC/MkNDAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Next message: Fred Cohen: "[iwar] [fc:Broderbund.offers.NSA.compliant."Complete.Delete"]"
Previous message: Fred Cohen: "[iwar] [fc:Uncle.Sam.Wants.Napster]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST