FISMA and Oracle: 2005 Report Card
The Federal Information Security Management Act (FISMA) of 2002 requires all government agencies to submit to the Office of Management and Budget an annual evaluation of IT security across the agency. The overall results of these reports are compiled and reported in the annual "Federal Computer Security Report Card", which gave the Federal government a D+. One aspect of the evaluation process relates to the use of configuration policies for Oracle. We reviewed the publicly available agency reports to compile an Oracle-specific report card to see how agencies are doing with one small slice of FISMA. The results are not encouraging -- even agencies that achieved high overall scores have not implemented configuration policies for Oracle. The overall Oracle grade is a D-.