News Release

Survey Shows Government IT Decision Makers Achieving Progress in Security Compliance

Significant Gaps Still Remain
Nov 16, 2005

HERNDON, VA, November 16, 2005 - A survey released today by networking leader Cisco Systems, Inc. indicates that the U.S.government has made progress implementing requirements of the 2002 Federal Information Security Management Act (FISMA). However, no more than 35 percent of the information technology (IT) decision makers surveyed believe they will achieve full compliance within the next 12 months in any of the 17 requirement areas measured by the survey.

The survey was conducted last month by Market Connections, a federal IT market research firm. The online research effort targeted U.S. federal IT decision makers from 28 civilian and military agencies who are involved in network security solutions.

Security issues that survey responders showed greatest concern for were "loss of privacy of employee and citizen data due to a security breach," and "unaware or unconcerned users". While traditional security components were most important to an agency's total security efforts, management related factors such as compliance reporting were significantly less important.

"While federal IT decision makers have an eye on traditional components such as network firewalls and a growing demand for products that support existing equipment and security architecture, there is a definite lag in importance being placed on management issues such as compliance reporting, centralized management of network security and development of business cases for security solutions," said Lisa Dezzutti, president of Market Connections, Inc. "We may see this trend shift over the next 12 to 18 months towards greater importance of these management related activities as they become further entrenched in day-to-day agency operations."

"The survey validates the need for comprehensive information security solutions that both integrate coverage against a wide range of complex security threats and make it easier to audit compliance to FISMA controls," said Bruce Klein, vice president of federal operations at Cisco. "Internet Protocol (IP) communications are transforming the way government works and as the leading IP provider, Cisco sees providing security for the information infrastructure as both a business opportunity and a responsibility."

The study revealed strong opinions around factors that influence the choice of security solutions and vendors. Vendors must be able to demonstrate that products work seamlessly together with existing authentication databases and that they can automatically respond to new threats. However, the most important finding around vendor choice was the perceived importance of compatibility. Over 90 percent of respondents rated vendor solutions compatible with existing equipment and security architecture as very or extremely important when choosing a network security provider.

Also critical is the vendor's ability to demonstrate an understanding of the agency's needs, a common response among federal agencies, according to Market Connections. Significantly more defense respondents noted providing all components or breadth of solution as extremely important.

"The importance buyers place on compatibility and compliance with installed systems is consistent with our observations," said Klein. "Cisco has created the most complete information security solution available, engineered into the infrastructure. Our work with our partners to provide convenient and effective delivery of these solutions enables customers to address the various managerial, technical and operational aspects of FISMA."

Additional survey findings include:

  • The most significant barriers (referred to as "mountains versus molehills" in the survey) to improving an agency's network security capabilities include funding and budget, and other projects getting higher priority.
  • Making solutions easier to understand and implement are the top ways vendors can help agencies improve or enhance security plans and programs.
  • Nearly 70 percent of all respondents have either a permanent or interim Chief Information Security Officer/Chief Security Officer.
  • Top overall priorities over the next 12 months include achieving green status in all five categories of the President's Management Agenda (PMA), improving grade on the General Accounting Office security scorecard and achieving FISMA compliance.
  • Linking budget to program performance was the lowest overall priority with less than 40 percent rating it as an important priority.
  • At 53.7 percent, Cisco is clearly perceived as a leading provider of network security, with the second place provider following with 15 percent.

Security around IP telephony ranked at the bottom of the respondents' list of concerns."Although pure IP telephony systems represent a small but growing portion of the installed federal base, the market is definitely moving toward Voice over IP," said Klein, who noted that market analysts estimate that sales to enterprise customers of IP-based phone systems will exceed sales for traditional TDM systems this year.

About the Survey

In October 2005, Market Connections fielded an online survey of federal IT decision makers involved in network security solutions. Respondents represented 28 different civilian, defense and independent agencies within the U.S. federal government around the country and included agency CIOs, program managers, IT directors and managers. All respondents were screened to ensure that they had some level of responsibility in the decision making process for network security solutions within their branch, agency or department. The solicitation email inviting participants to the survey went to over 13,000 government IT trade publication readers and conference attendees.

Located in Fairfax, Virginia, Market Connections Inc., is the federal IT market's premier provider of full-service custom market research services. Additional information is available at