Information Security: Agencies Make Progress in Implementation of Requirements, But Significant Weaknesses Persist

Without proper safeguards, fed. agencies' computer systems are vulnerable to intrusions by individuals and groups who have malicious intentions and can obtain sensitive info., commit fraud, disrupt operations, or launch attacks against other computer systems and networks. Concerned by reports of significant weaknesses in fed. systems, Congress passed the Fed. Info. Security Mgmt. Act (FISMA), which permanently authorized and strengthened info. security program, evaluation, and annual reporting requirements for fed. agencies. This is testimony on a draft report on: (1) the adequacy and effectiveness of fed. agencies' info. security policies and practices; and (2) their implementation of FISMA requirements.