OMB: Security improvements needed

Copy of the FY 2003 Report to Congress (PDF format)

The federal government is moving in the right direction on information security, but progress in many areas remains slow, according a report that Office of Management and Budget officials submitted to Congress today.

Despite a budget increase of $1.5 billion in fiscal 2003 to pay for information security improvements, 24 of the largest federal departments and agencies still fell short of security goals that they were required to meet by law.

Today's report to Congress reflects the security status of agency information systems in September 2003, so some departments might be in a better position than that shown in the document released to lawmakers. Overall, however, the OMB document shows that all agencies have ample room for improvement.

"While the federal government is heading in the right direction," the report states, "additional efforts are still warranted."

Of nearly 8,000 information systems in 24 federal departments and agencies, 6,236, or 78 percent, have undergone a risk assessment, a key measure that OMB officials use to evaluate the government's security practices. The measure showed a 13 percent increase compared to last year. OMB noted that many agencies lack contingency plans to ensure that their information systems could continue to operate in an emergency.

OMB officials also reported that 5,838, or 73 percent, of the federal information systems that were reviewed had up-to-date security plans, an 11 percent improvement from a year ago.

The number of information systems that had been approved for operation following an extensive certification and accreditation process was 4,969, or 62 percent, a 14 percent increase.

A total of 5,143, or 64 percent, of the systems had had their security controls tested and re-evaluated within the past year, up from 60 percent the previous year.