Poor information security within Federal agencies has been identified as a high-risk issue by the General Accounting Office (GAO) since 1997. In October 2000, legislation designed to improve information security was enacted. The Federal Information Security Act of 2002 (FISMA) strengthened the 2000 legislation by incorporating new requirements. This report presents information from the Office of Management and Budget’s (OMB) recent report to Congress on the overall status of the Government’s information security campaign. Also reviewed and summarized are the fiscal year 2003 FIMSA reports for the 24 largest Federal agencies and the standards and guidance issued by the National Institute of Standards and Technology (NIST). The OMB report to Congress indicates that there have been significant improvements in identifying and addressing long-standing information security problems, but some challenges remain. According to OMB, one main government-wide challenge is the lack of understanding and accountability on the part of Federal agents in terms of their information security responsibilities. Recommendations to close the gap through management and budgetary processes are included in the OMB report. The 2003 FIMSA data revealed that overall the 24 largest Federal agencies are making progress toward information security. The total number of systems assessed for risk in these 24 agencies jumped from 65 percent to 78 percent and those having a contingency plan rose from 55 percent to 68 percent. However, some of these agencies still reported that less than half of their information systems met certain security requirements. Moreover, weaknesses were reported in each of the six key areas of general control: (1) security program management; (2) access controls; (3) software development and change controls; (4) segregation of duties; (5) operating systems controls; and (6) service continuity. Such weaknesses place a broad spectrum of Federal operations and assets at risk. Recommendations by GAO include having independent validation of data and completion of systems inventories. Tables, figures