Cybersecurity Gaps Plague US State Department, GAO Report Warns


The US Department of State must fully implement its cybersecurity risk program and take additional steps to better protect its IT network and systems, a 92-page report by the General Accounting Office (GAO) warns.

The State Department has completed the authorization process for less than half (44%) of its nearly 500 information systems and has yet to implement a department-wide continuous monitoring system.

On the positive side, the department has identified risk management roles and responsibilities and developed a cyber risk management strategy.

However, “until the department implements required risk management activities, it lacks assurance that its security controls are operating as intended,” the report noted. “Moreover, State is likely not fully aware of information security vulnerabilities and threats affecting mission operations.”

And those threats are likely myriad.

State Dept. Faces Rafts of Outstanding Cyber To-Dos

The report, which forms part of the GAO’s extensive work on the US government’s cybersecurity and information security challenges, tallied 15 recommendations for executive actions that remain outstanding.

First and foremost among them is the recommendation that the…
