Federal Workers Ask, "What's a Fisma?"
The federal government spent over $74 million on information security training in 2006, prodded by the 2002 Federal Information Security Management Act, 44 U.S.C. 3541.
Despite this expenditure, many federal agencies score poorly on the dreaded Federal Computer Security Report Card, which is derived from annual FISMA audit information. The most recent report card, dated April 12, 2007, gave the Department of Defense an F, the U.S. Treasury an F, and the Department of Homeland Security a D. The Department of Veterans Affairs, which accidentally released personal information on 26.5 million active and retired military personnel in 2006, did not bother to file a FISMA report.
SecureInfo Corp. thinks it may have uncovered one explanation for the government's poor performance. According to a May 2007 study by the McLean, Va., consulting firm, 65 percent of federal workers surveyed had not even heard of FISMA. Of those who had heard of FISMA, 40 thought it was a "compliance headache."