I\u2019m simply amazed that federal agencies continue to average below a passing grade on their annual FISMA scores.\u00a0Any student knows that anything below a 2.0 (C) means you do not pass and are not eligible to compete in sports or other extracurricular activities.\u00a0We should do the same with federal agencies until they not only receive a passing grade but do so for two consecutive grading periods (you know, like auditors require demonstrating the relative maturity of the program, repeatable\/defined\/managed).\u00a0No federal agency can spend on any new initiatives until their security grade is brought up to acceptable standards, a minimum 2.0.\u00a0Funding levels increase as grades increase. Yes, that means you too DHS.\u00a0Your three year running grade is now at a dismal .33 with an improved rating this year to a D after two consecutive F years.\u00a0Bluto Blutarsky you are not.Real ID is back in the news again with states starting to push back on the creation of national IDs. The most disturbing thing for me is that each state must agree to share its motor vehicle database with all other states. This database must include, at a minimum, all the data printed on the state drivers' licenses and ID cards, plus drivers' histories (including motor vehicle violations, suspensions, and points on licenses). Any state that does not link its database, containing records on all drivers and ID holders, to the database of the other states loses its federal funding.\u00a0As a parent I understand the mentality of forced compliance. Since most federal agencies (including DHS who drove this initiative), do not have passing FISMA grades, they too should be subjected to the loss of federal funding, or at least reduced funding.\u00a0A bit of an oxymoron since they need the funding to improve their security posture and overall grade but maybe they get the funding under extreme scrutiny forcing them to move to the head of the class with an A.\u00a0I don\u2019t know anyone who rewards a student for getting a D.\u00a0It is hard to get behind or look up to the country\u2019s lead security agency when they can\u2019t get their own study habits together.Before DHS forces states to link DMV databases, why not ensure databases are capable of supporting such a connection; have unnecessary sensitive data removed from the databases; classify the data and ensure safeguards are applied at inception and stay with the data until destruction; stop using sensitive data in test and development; ensure a secure structure is in place for the transmission of this data; and actually have a plan ensuring security is considered throughout the SDLC of this project? \u00a0It sure looks like security is once again taking a bolt-on, after-the-fact, back seat to another IT initiative.\u00a0DHS should be declared ineligible for any Real ID consideration until their grades are brought up (do I hear summa cum laude anyone?).\u00a0Sorry, you\u2019re grounded.