Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

GAO: Most agencies aren't sticking to the cybersecurity script

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 19 Dec 2018 06:18:36 +0000 (UTC)
https://fcw.com/articles/2018/12/18/cyber-gao-report-johnson.aspx

By Derek B. Johnson
FCW.com
Dec 18, 2018
A new watchdog audit says that many big agencies aren't managing cybersecurity risk by the book.
According to a Government Accountability Office report, largely based on FISMA audits by agency inspectors general, found that 17 of 23 Chief Financial Officer Act agencies are failing to effectively implement core functions of the cybersecurity framework of the National Institute for Standards and Technology.
Seventeen agencies had "material weaknesses and significant deficiencies" in internal security controls and only 13 were found to be adequately managing enterprise risk, according to the Dec. 18 report.
"Agencies' inspectors general determined that most of the 23 civilian CFO Act agencies did not have effective agency-wide information security programs," auditors wrote. "They also reported that agencies did not have effective information security controls in place, leading to deficiencies in internal control over financial reporting." 

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: