Office of Management and Budget
President's Budget
Management
Information &
Regulatory Affairs
Legislative Information
Agency Information

OMB Letterhead

FOR IMMEDIATE RELEASE
March 1, 2008
Contact: OMB Communications, 202-395-7254

ANNUAL FEDERAL SECURITY INFORMATION ACT
REPORT SHOWS AGENCY IMPROVEMENTS
IN SECURING IT SYSTEMS

Washington, DC — Today, the Office of Management and Budget (OMB) transmitted to Congress its Fiscal Year 2007 Federal Information Security Management Act (FISMA) Report. The FISMA report contains the results of information security and privacy performance metrics reported by agency Chief Information Officers, Inspectors General, and Chief Privacy Officers and allows agencies a better understanding of the security of their systems and the information to hold agency managers accountable for resolving any identified deficiencies.

Agencies have demonstrated sustained progress in meeting the Federal goal toward securing 100 percent of operational systems. In FY 2007, 92 percent of all systems operated with complete Certification and Authentication (C&A), and 86 percent of all systems operated with tested contingency plans. In addition, 95 percent of all systems operate with security controls tested within the last year.

On data security metrics, 84 percent of systems requiring a Privacy Impact Assessment (PIA), met the publicly posted requirement. PIAs ensure agencies consider privacy concerns and incorporate mitigating measures into the development and operation of the system. 83 percent of systems requiring a System of Records Notice (SORN) met the publicly posted requirement. SORNs ensure agencies provide the public with sufficient notice and opportunity to comment on the use and disclosure of individual records.

“We saw a significant improvement in agencies’ C&As performance, and contingency and controls testing,” said E-Government Administrator, Karen Evans. “In 2007, 92 percent of IT systems operated with completed security accreditations, an increase from 47 percent reported in 2002. Agencies tested security controls for 95 percent of all systems in operation. In the meantime, we will continue to work towards securing 100 percent of operational systems.”

The annual FISMA report is available on OMB’s web site www.omb.gov.

###