The Department of Defense’s Defense Logistics Agency has only partially taken critical cybersecurity risk management steps in its inventory management operations, the U.S. Government Accountability Office said in a report released Monday.
The report said the agency has not fully addressed risk management issues involving selecting, assessing, authorizing and monitoring security controls.
In November 2018 the DOD’s Survival Logistics Task Force concluded that the department’s inventory management systems were potentially vulnerable to cyberattacks and that it did not have corrective action plans to mitigate the potential risk.
A U.S. House of Representatives report that accompanied a bill for the National Defense Authorization Act for fiscal year 2020 included a provision for the GAO to evaluate the DOD’s efforts to manage cybersecurity risks to the DOD supply chain.
The GAO report said the DLA assessed specific security controls but did not develop system-level monitoring strategies for three of the six systems the GAO assessed; its assessment procedures lacked required approvals; it did not report complete and consistent security and risk…
