Guerilla CISO on FISMA

The Guerilla CISO blog has some amusing points posted about the dismal (nine Fs) 2007 FISMA report:

I can’t believe it, but DHS scored a “B” against all odds. =) And of course, by now the response to the report card is all rote–everybody wonders what the letters really mean […] I guess it just goes to prove what we say about the classified world: the people who know don’t talk and the people who talk don’t know. In this case, everybody attacks the metric because, well, it’s a bad metric–what action are we supposed to take because of what the results are? It’s also pretty much ignored by this point anyway except for the witty sound bites from some of my “favorite people”, so it’s nothing to get all hot and bothered about.

I always felt the same way about my report cards. Go ahead, ask him what he thinks about SANS and Gartner opinions on the report.
