ARLINGTON, Va., April 12 /PRNewswire-USNewswire/ -- The Cyber Security Industry Alliance (CSIA) today called upon all government agencies to significantly bolster efforts in 2007 to comply with the Federal Information Security Management Act (FISMA) of 2002. The ranking member of the House Committee on Oversight and Government Reform, U.S. Representative Tom Davis (R-VA) today issued the annual FISMA report card for all Federal government agencies, reporting an average grade of C- for securing computer systems and networks in 2006. Since 2003, the overall average grade for agencies has never exceeded a D+.

"We are somewhat encouraged by the slight improvement over last year's grades, however, there is still a lot of work to be done," said Liz Gasster, acting executive director and general counsel of CSIA. "While FISMA is an important first step in providing heightened information security awareness for agencies, there are not nearly enough consequences for those agencies who fail to comply. CIOs and CISOs must be given more authority to take action to enforce and implement the Act, or security will continue to suffer."

Several grades worth noting from the 2006 report card include:

-- Agency for International Development (USAID): A+
-- Department of Commerce: F
-- Department of Defense (DoD): F
-- Department of Homeland Security (DHS): D
-- Department of Justice: A-
-- Department of Veterans Affairs: No report submitted
-- Social Security Administration: A
-- Department of State: F
-- Department of Treasury: F

Added Gasster, "As part of the release, Congressman Davis announced the intention of reintroducing his legislation from last year, which would strengthen and clarify the important roles that CIOs and CISOs play in government agencies. This bill also expressly required government agencies to notify individuals when sensitive personal information contained in government systems is compromised. CSIA supports this legislation and other efforts that enhance information security employed by the government. In addition, agencies are currently required to report on privacy performance under FISMA, but the grades do not reflect this important data."

Earlier this year, CSIA released its annual report, the 2007 Agenda for U.S. Government Action, which identified specific actions for Congress and the Administration to focus on for improving information security for citizens, industry and governments globally. As part of the Agenda, CSIA issued its Federal Progress Report for 2006 on the government's limited advancements in these same areas. CSIA offered a D grade in the area of federal information assurance and suggested that Congress and the Administration work more closely together to strengthen FISMA implementation and enforcement.

CSIA's report outlines the following recommendations for government improvement in this area:

-- To effectively establish and maintain a comprehensive information security program, the power of federal CIOs should be strengthened so that they can better enforce authority concerning budgets and personnel resources;
-- Federal agencies should increase their assessments and testing of information security controls, and be required to adhere to acquisition regulations to ensure that all federal contractors comply with FISMA requirements; and
-- All agencies should establish a common requirement to notify citizens in case of a breach of sensitive personal information.

About the Cyber Security Industry Alliance

The Cyber Security Industry Alliance is the only advocacy group dedicated exclusively to ensuring the privacy, reliability and integrity of information systems through public policy, technology, education and awareness. Led by CEOs from the world's top security providers, CSIA believes a comprehensive approach to information system security is vital to the stability of the global economy. Visit our web site at www.csialliance.org.
Members of the CSIA include Application Security, Inc.; CA, Inc. (NYSE: CA); Bharosa Inc.; BSI Management Systems; Crossroads Systems, Inc. (OTCBB Pink Sheets: CRDS.PK); Entrust, Inc. (Nasdaq: ENTU); F-Secure Corporation (HEX: FSC1V); IBM Internet Security Systems Inc. (NYSE: IBM); iPass Inc. (Nasdaq: IPAS); MXI Security; PGP Corporation; Qualys, Inc.; RSA, The Security Division of EMC (NYSE: EMC); Secure Computing Corporation (Nasdaq: SCUR); Surety, Inc.; SurfControl Plc (LSE: SRF); Symantec Corporation (Nasdaq: SYMC); TechGuard Security, LLC; and Vontu, Inc.
SOURCE Cyber Security Industry Alliance