GAO Slams Federal Agencies for Cybersecurity Failures
The Government Accountability Office (GAO) issued scathing reports criticizing three federal agencies—the General Services Administration (GSA), Environmental Protection Agency (EPA), and Department of Homeland Security (DHS)—for their CIOs' failure to implement cybersecurity recommendations. DHS has 43 outstanding recommendations, seven prioritized by GAO; EPA has 11; and GSA has 4. Common failures include inadequate cybersecurity event logging and IT portfolio reviews. The EPA faces additional issues with cloud software management, lacking documentation and service level agreements. DHS's Homeland Advanced Recognition Technology (HART) program remains plagued with problems, with all nine recommendations unimplemented. The GAO hopes newly appointed CIOs will address these shortcomings, and has brought the issues to Congress's attention.