Overall, the number of federal systems with effective security and privacy controls jumped to 6,607 last year, up 77 percent from 4,969 in 2003, the report said.
Agencies have "demonstrated significant progress" in certification and accreditation of systems, annual testing of system controls, contingency planning, implementation of security configuration requirements, and incorporating security costs into system lifecycle planning, according to the OMB.
"While progress has been made, agency IGs (inspector generals) continue to identify deficiencies in security policy, procedure and practice," the report states.
Areas of weakness include quality of agencies' certification and accreditation process, and agency-wide plans of action and milestones.
