Apr 19, 2007

Grading the Government on Computer Security

Submitted by ksvingen on Friday, April 13, 2007 - 20:03
This seventh report card assigns grades to various federal departments and agencies on their computer security. While the overall grade for all agencies was a C-, the results varied from agency to agency. "[The] Agencies are rated on their annual tests of information security, their plans of action and milestones or corrective action plans, whether they certify and accredit their systems as secure, how well they manage the configuration of their computers to ensure security, how they detect and react to breaches of security, their training programs and the accuracy of their inventories." To see how DHS and others measured up, please see the full report at:

Please see the press release of the report at:

DOE got an F in 2005, C- in 2006.


Anonymous said...

Based on this, if Congress really wanted to improve computer security at the national labs (LANL, LLNL, SNL, ANL, ORNL, LBNL, etc) they would put the lab under the National Science Foundation. I recall that in the 1990s some federal report/committee suggested doing just this by changing NSF into the Department of Science.

Anonymous said...

The earlier suggestion is excellent. Unfortunately, it would only cover the 15% of all LANL employees that are involved in scientific research.

Anonymous said...

I add to the former comment that monies under the NSF come with no secrecy, after genuine competition and (shudder) peer revue. In other words, 15% would be very optimistic.

Anonymous said...

(sarcasm)The best thing to do to improve cyber security at DOE would be to follow all those fabulous guidelines that Hunteman has put up in his new role at OCIO. (/sarcasm)

And yes, the very best thing that could happen would be for one of the open labs to finally stand up and say: we don't want to play this idiotic game with DOE any more. Give us the $ in a grant or we just won't play anymore with these insane rules, ridiculous oversight and assurance, constant IG audits, and maddening regulations. Sadly, only LBL, Ames, and SLAC are even remotely in a position to do this - and none of them have the cajones...