USDA …

                                            USDA

                              United States Department of Agriculture

                                      Office of the Secretary
                                      Washington, D.C, 20250




September 29, 2006

The Honorable Rob Portman
Director
Office of Management and Budget
Washington, D.C. 20503

Dear Director Portman:

I am pleased to send you the Department of Agriculture (USDA) Chief Information
Officer's and the Office of Inspector General's security program assessment and report
for fiscal year (FY) 2006 as required by the Federal Information Security Management
Act of 2002 (FISMA).

The body of this report discusses the steps taken by USDA and its agencies to implement
FISMA, details progress made in FY 2006, and identifies information technology (IT)
security gaps and weaknesses. The central focus of the report is on performance and
accountability. Significant progress has been made; however, we acknowledge the need
to continue our efforts to identify the root causes of recurring weaknesses as well as the
steps necessary to overcome them.

During FY 2006, USDA put into place a security program and measures that address the
various elements of IT security. The Office of Inspector General's independent
evaluation of USDA's information technology program recognizes that progress has been
made in a number of areas. However, the report also identifies several areas of
information technology security that need additional improvement. The Department
intends to address these areas as part of its program implementation during FY 2007.

Over the past year, the Department has instituted changes to its IT security program, and
we have identified additional changes that need to be made. These changes need time to
mature in order to fully satisfy the requirement of an effective IT security program.
Sincerely,




Mike Johanns
Secretary

Enclosures



                                    An Equal Opportunity Employer