SiliconBeat

Six years after passage of the Federal Information Security Management Act (FISMA), a report by the Government Accountability Office describes the persistence of “significant weaknesses” to the security of the federal government’s computer systems, leaving them “vulnerable to intrusion by individuals and groups who have malicious intentions and can obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks.”

In their fiscal year 2008 performance and accountability reports, 20 of 24 major agencies noted that the information system controls over their financial systems and information were either a significant deficiency or a material weakness, according to the report released today by the GAO. And 23 of the 24 major federal agencies reported having weaknesses in their agency-wide information security programs last year.

While progress was made in some areas — including increases in the number and percentage of employees and contractors receiving security awareness training, the number and percentage of systems with tested contingency plans, and the number and percentage of systems that were certified and accredited — the GAO reported that the number and percentage of employees with important security responsibilities who had received specialized training decreased “significantly”. Also, the number and percentage of systems that had been tested and evaluated at least annually decreased slightly.