FISMA Certification and Accreditation Handbook

Chapter 23: Improving Your Federal Computer Security Report Card Scores

Excellent firms don't believe in excellence, only in constant improvement and constant change.

Tom Peters

Introduction

Each year, every agency has the opportunity to improve its annual Federal Computer Security Report Card. Aside from being audited by their own OIG and then by the GAO, agencies are required to self-report FISMA and privacy information annually. The White House Office of Management and Budget gives specific instructions on how to prepare and submit your agency's FISMA information. An overview of how agencies self-report their FISMA information is given in memorandum M-05-15, available at www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html.

Detailed self-reporting instructions are available at www.whitehouse.gov/omb/memoranda/fy2005/m05-15_att.pdf.

The Excel template into which you enter your FISMA information is available at www.whitehouse.gov/omb/inforeg/fisma/FY05_FISMA_reporting_template_CIO.xls.

Agency Inspectors General are required to file their own report on their agency, based on the subset of systems and documents that they review when they come on site for audits.

Elements of the Report Card

Each agency receives a roll-up score based on the consummate score from the agency's bureaus and their respective departments. Every year the report card grade changes. If your agency scored well last year, that doesn't necessarily mean it will score well in subsequent years. Each year, the self-reporting templates that contain the roll-up scores all change somewhat. Last year, the self-reporting template put emphasis on the following areas:

  • Number of systems certified and accredited (including contractor systems)

  • Configuration management

  • Security policies and procedures

  • Security training and awareness

  • Number of security incidents reported

  • Incident detection capabilities
