Overall FISMA score stays roughly the same


Cybersecurity at the 24 largest federal agencies was roughly the same in measured quality during fiscal 2012 as the year before, according to a newly released annual report on agency compliance with the Federal Information Security Management Act.

The annual Office of Management and Budget report says the 24 agencies covered by the CFO Act collectively rate a 74 percent FISMA compliance score for fiscal 2012. The year before's compliance rate was 75 percent, but the two years aren't strictly comparable, since 2012 saw the introduction of two new capability areas, one of which--email encryption--carries the lowest collective score, a considerably below-average 35 percent. The other new capability area, the detection and blockage of unauthorized software, rated 60 percent compliance, according to the report.

In all, the 24 agencies spent $14.6 billion on information technology security during fiscal 2012, the report says, the vast majority--90 percent--of it on personnel. Most personnel involved in agency cybersecurity are federal employees, although at some agencies, including the departments of Homeland Security and Veterans Affairs, contractors outnumber civil servants. The overall percentage breakdown is 67.1 percent government employees and 32.9 percent contractors.
