Over the past few months we have been told that a number of federal entities, including NOAA, USPS, the State Department and the White House, have been hacked. The Federal Information Security Management Act (FISMA) has been around since 2002, and all federal entities are supposed to be in compliance with its requirements. This (annual) report by the OMB provides the status of FISMA compliance across 24 federal government entities (it does not include the USPS, and NOAA is part of the Department of Commerce). So what's the current status? According to the linked report, the entities that have been "hacked" are doing pretty well across the metrics categories: remote access, security monitoring, incident detection, training, etc. The State Department, for example, is at 99% for multi-factor authentication for remote access, and close to 100% in terms of trusted internet connections.