U.S. federal agencies' information security efforts are weak, haphazard and worse than White House figures suggest, according to an auditor's report released Tuesday. The U.S. General Accounting Office, the auditing arm of Congress, said in a 36-page report
that agencies have "not yet shown significant progress" in
securing their computers from internal and external attacks and have been slow to comply with the Federal Information Security Management Act of 2002.
The report recommended standardized testing and risk assessment, as well as outside verification of agencies' own progress reports. In addition, most federal agencies "experienced more-limited progress" than the White House's own figures on information security compliance suggest, the GAO concluded.