FERC: $3.8M not enough for FISMA compliance

November 22, 2011
Cyber Security, FedCyber Wire, Financial
No Comment

The Federal Energy Regulatory Commission has not fully implemented cybersecurity policies and procedures due to budget and resource constraints, FERC officials told auditors performing a fiscal 2011 cybersecurity audit (.pdf). The commission estimated it spent approximately $3.8 million to secure its information technology assets during fiscal 2011, write authors of an Energy Department inspector general audit dated Nov. 15.

Policy shortfalls made software vulnerability remediation late or incomplete–leading to noncompliance with the Federal Information Security Management Act of 2002, they add.

via Fierce Government IT, continued here.