The Government Accountability Office recently released a report on the strength of information security programs at various federal agencies. Unfortunately, the results from the GAO report were less than stellar.
The Federal Information Security Management Act of 2002, or FISMA, requires federal agencies to “develop, document, and implement” cybersecurity programs.
Most of the federal agencies “had developed and documented policies and procedures for managing risk, providing security training, and taking remedial actions.”
According to the report, there were five main categories where the agencies were weak: 1) access controls; 2) management controls to prevent unauthorized changes; 3) segregation of duties; 4) contingency planning; and 5) agency security management.
The Office of Management and Budget and the Department of Homeland Security are required to provide guidance to the various agency inspectors general, but the help from OMB and DHS “was not always complete, leading to inconsistent application by the inspectors general.”
The lack of clear assistance interferes with the ability of Congress to provide proper oversight, because information either goes unreported or arrives as “uneven information on the extent to which federal agencies are effectively implementing security requirements.”
Further, during 2013 and 2014, the inspectors found “information security control deficiencies at agencies that expose information…to elevated risk of unauthorized use, disclosure, modification, and disruption.”
The negative outlook from the inspectors is partly based on the growing frequency of different cyber concerns. Since 2006, the number of information security incidents increased from 5,503 to 67,168 in fiscal year 2014, a spike of 1,121 percent.
Overall, the reaction from GAO was mixed.
Follow Steve Ambrose on Twitter