Computer security grades improve slightly

The government rises from a C-minus average to a C in FISMA's score card.

The government's overall information security grade has improved from a C-minus to a C, according to the Federal Information Security Management Act's score card.


The score card compared the years 2006 and 2007. The House Oversight and Government Reform Committee issues the annual score card based on agency reports required by the 2002 FISMA law.


Although the government's score has improved since the first score cards reported failing grades, Rep. Tom Davis (R-Va.), the ranking minority member on the committee, said it's not adequate.


“We need to seriously consider incentives for agency success and funding penalties and personnel reforms for agencies that don’t measure up," he said. "We need a bill with teeth, and we need agencies to understand the goal is to keep information safe, not to check a statutory box.”


Although the government average is in the middle, most individual agencies showed either great success or failure. Averaging the extremes led to the C average.


The departments and agencies that scored A-minus, A or A-plus were:



  • Justice Department



  • Agency for International Development



  •  Environmental Protection Agency



  • National Science Foundation



  • Social Security Administration



  • Housing and Urban Development Department



  • Office of Personnel Management



  • General Services Administration


Departments, commissions and agencies with F grades were:



  • Transportation Department



  • Labor Department



  • Defense Department



  • Interior Department



  • Treasury Department



  • Nuclear Regulatory Commission



  • Veterans Affairs Department



  • Agriculture Department