The FISMA 2006 grades for the government are out…

Looks like the numbers are out for 2006. The Department of Veterans Affairs didn’t provide a scorecard. No wonder, considering the couple of terrible incidents that happened with computers being lost. The Department of Justice totally got its act in gear this last year, moving from a D to an A-.
The Department of Homeland Security moved from F to D. That’s a great sign. Sort of. The reason this is kind of bothersome is that all of the cyber crime divisions are housed in this agency. When you get right down to it, it’s not a good sign that the agency enforcing and policing such crimes cannot even get the standards in place. That’s not a good thing.
What really bugs us here (and this is purely speculation and opinion) is the agencies that keep failing every year. Somehow or another, there is a budget out there to actually help with getting compliant with such security standards, but year after year, these agencies keep missing the mark. So the question isn’t why they’re missing the mark (we already know why), but where is this budgeted money going? It’s one thing to mess up, but it’s another to have money and still continue to mess it up. In the corporate world, heads would have rolled by now. If there is a budget out there, perhaps it’s about time we see some heads roll here too.
Bruce Schneier < ComputerWorld