The Homeland Security Department—the government’s point agency for cybersecurity—fell short of top marks in three of five areas in the annual information security assessment, according to a report released Monday.
The 2017 Federal Information Security Management Act report rates the department’s various cybersecurity capabilities on a scale of 1 through 5, with the lowest score, 1, representing an “ad-hoc” use of information security and the highest being an “optimized” cybersecurity posture.
“Per the FY 2017 reporting instructions, Level 4, ‘managed and measureable,’ represents an effective cybersecurity function,” Homeland Security’s inspector general wrote. “Where an agency achieves Level 4 in the majority of the five cybersecurity functions evaluated, its information security program may be considered effective overall.”
The department fell just short of that target. Of the five categories assessed—identify, protect, detect, respond and recover—Homeland Security achieved Level 4 in two and Level 3 in the remaining three areas.
The department achieved Level