The House Government Reform Subcommittee for Management, Information and Technology, headed up by Rep. Stephen Horn (R-CA), issued its first set of report cards for computer security. Averaging all the grades for all major federal agencies, the government as a whole received a D- in computer security. “Obviously there is a great deal of work ahead,” according to Horn.
A grade of “F” was issued to computers in the Justice Department, the Department of Labor, the Small Business Administration, and the Office of Personnel Management. The highest grade issued was a “B” which went to the Social Security Administration. The National Science Foundation received a “B-.” All other agencies received lower grades.
The Treasury Department computers, which include the IRS’s computers, received a “D” in computer security.
Grades were based on existence of security programs, access controls, the ability to provide continuous service, checks on unauthorized changes, limiting access to sensitive files, and segregation of duties.
Critics complained that the results used in the grading were a year old and agencies have made upgrades and changes that were not reflected in the grades.