Agencies Still Falling Short on Cyber Standards, GAO Says

[InfoSec News <alerts () infosecnews org>]

https://www.nextgov.com/cybersecurity/2019/07/agencies-still-falling-short-cyber-standards-gao-says/158783/

By Jack Corrigan,
Staff Correspondent
Nextgov.com
July 29, 2019

Many major federal agencies are dropping the ball when it comes to basic 
cybersecurity practices despite thousands of watchdog recommendations and 
an expanding array of digital threats, according to the Government 
Accountability Office.

Last year, federal auditors revealed that most agencies don’t understand 
the cybersecurity risks they face, and even fewer have put in place 
sufficient safeguards to defend against those threats, GAO said in a 
report published Friday. Many also lack proper policies for responding to 
intrusions and recovering from attacks, according to auditors.

The report, which summarizes numerous assessments from GAO and agency 
inspectors general, highlight the government’s long-standing struggle to 
translate IT security from paper to practice.

“IT systems are often riddled with security vulnerabilities,” auditors 
wrote in the report. “These vulnerabilities can facilitate security 
incidents and cyberattacks that disrupt critical operations; lead to 
inappropriate access to and disclosure, modification, or destruction of 
sensitive information; and threaten national security, economic 
well-being, and public health and safety.”

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_