Today is report card day for 24 federal agencies that are graded annually on their information security performance.
The overall grade is expected to be a "C-minus," Brian Krebs of the Washington Post reported this morning on his Security Fix blog.
Last year, the agencies received an average grade of D+. The scores are based reports submitted by the agencies in response to the Federal Information Security Management Act of 2002 (FISMA).
Last year, the Agency for International Development, the Environmental Protection Agency, the General Services Administration, the Department of Labor, the Office of Personnel Management and the Social Security Administration received an ‘A-minus" or higher. The Agriculture, Defense, Energy, Homeland Security, Health and Human Services, Interior, State and Veterans Affairs departments all received failing grades.
Today’s announcement is scheduled to be made by U.S. Rep. Tom Davis, R-Va., chairman of the House Government Reform Committee whose wrote the legislation that mandates the grading.
Critics of the program have said it is nothing more than a paper exercise that speaks more to meeting compliance than proving sound security controls.
Click here to email reporter Dan Kaplan.
Looking for a new job? SCMagazine.com has the latest IT security employment opportunities. Click here for our jobs page.