The FISMA program is based on compliance with NIST computer security standards.
Most federal agencies that play key roles in the war on terror are doing a dismal job of protecting their computers and information networks from hackers and viruses, according to portions of a report to be released by a key congressional oversight committee Thursday.
The Department of Homeland Security, which is charged with setting the government's cyber security agenda, earned a grade of F for the third straight year from the House Government Reform Committee. Other agencies whose failing marks went unchanged from 2004 include the departments of Agriculture, Defense, Energy, State, Health and Human Services, Transportation, and Veterans Affairs.
The House Government Reform Committee is expected to award the federal government an overall grade of D-plus for computer security in 2005, a score that remains virtually unchanged from 2004.
Several agencies saw a considerable drop in their scores. The Department of Justice went from a B-minus in 2004 to a "D" in 2005, while Interior earned failing marks after getting a C-plus in 2004.
The scores are "unacceptably low," committee Chairman Tom Davis (R-Va.) said in a statement. "DHS must have its house in order and should become a security leader among agencies. What's holding them up?"
The annual report bases the grades on the agencies' internal assessments and information they are required to submit annually to the White House Office of Management and Budget. The letter grades depended on how well agencies met the requirements set out in the Federal Information Security Management Act (FISMA).