GAO: Feds falling down on IT security
Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
U.S. federal agencies' information security efforts are weak, haphazard and worse than White House figures suggest, according to an auditor's report released Tuesday. The U.S. General Accounting Office, the auditing arm of Congress, said in a 36-page report that agencies have "not yet shown significant progress" in securing their computers from internal and external attacks and have been slow to comply with the Federal Information Security Management Act of 2002.
The report recommended standardized testing and risk assessment, as well as outside verification of agencies' own progress reports. In addition, most federal agencies "experienced more-limited progress" than the White House's own figures on information security compliance suggest, the GAO concluded.