GAO: 24 agencies have weakness in core IT areas

The Government Availability Office found all 24 agencies covered by the Chief Financial Officers Act — which includes HHS, the Department of Homeland Security and the National Institute of Standards and Technology — have weaknesses in at least one core IT area, according to a Sept. 28 report.

The government watchdog evaluated the agencies on five control areas: access controls; configuration management controls; segregation of duties; contingency planning; and agencywide security management. It aimed to ensure agencies met the requirements under the Federal Information Security Management Act of 2002, which was amended by the Federal Information Security Modernization Act of 2014.

All 24 agencies had weak access controls, or "the policies and practices that limit or detect access to computer resources," and security management, or "the policies, processes, and practices that provide a framework for ensuring that risks are understood and that effective controls are selected, implemented and operating as intended," as defined by the report.

"GAO and [inspector generals] have made hundreds of recommendations to address these security control deficiencies, but many have not yet been fully implemented," the report reads. "Until an evaluative component is incorporated into the implementation of the maturity model, the Office of Management and Budget will not have reasonable assurance that agency information security programs have been consistently evaluated."

Click here to read the full GAO report.

More articles on cybersecurity: 

Survey: 3 common ransomware infection vectors

Connecticut legislation classifying ransomware as a felony effective Oct. 1

SEC hack exposed personal data of 2 people

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars