Most agencies aren’t sticking to the cybersecurity script — FCW

Cybersecurity

GAO: Most agencies aren’t sticking to the cybersecurity script

• By Derek B. Johnson
• Dec 18, 2018

 

A new watchdog audit says that many big agencies aren’t managing cybersecurity risk by the book.

According to a Government Accountability Office report, largely based on FISMA audits by agency inspectors general, found that 17 of 23 Chief Financial Officer Act agencies are failing to effectively implement core functions of the cybersecurity framework of the National Institute for Standards and Technology.

Seventeen agencies had “material weaknesses and significant deficiencies” in internal security controls and only 13 were found to be adequately managing enterprise risk, according to the Dec. 18 report.

“Agencies’ inspectors general determined that most of the 23 civilian CFO Act agencies did not have effective agency-wide information security programs,” auditors wrote. “They also reported that agencies did not have effective information security controls in place, leading to deficiencies in internal control over financial reporting.”