In last year’s FISMA scorecard, USAID received an “F” for not implementing a continuous network monitoring program in place and not providing automated data feeds to the CyberScope tool, according to the Office of Management and Budget’s FISMA report to Congress. The CyberScope tool automates FISMA reporting; OMB originally gave agencies a Nov. 15, 2010, deadline to implement a system that could provide automated data feeds to the tool, although few agencies actually met the deadline.
Other agencies receiving a failing FISMA grade last year included Department of State, Department of Education, the Department of Veterans Affairs, Department of Health and Human Services, Department of Transportation, the Department of Interior, and, in last place, the Department of Agriculture. However, USAID stood out in how far it fell from the 2010 scorecard, where it received an “A”.
Horton told Federal News Radio that his agency is taking steps to address the gaps identified by the OMB. "We have plans in place to handle both so we will get our score back up this year," he said.
A major challenge for the agency with implementing continuous monitoring was the process. "We were a little behind in getting it running and I think that's what caused the FISMA score last year. It's not really a difficult proposition. Most of what we do on a security basis isn't that difficult. It's just a matter of getting it done", Horton said.