Most of 24 Departments, Agencies Inadequately Protect IT, Says GAO
Most of two dozen federal departments and agencies continue to inadequately protect their information systems in FY 2016 due to ineffective implementation of security policies and practices, GAO reported Thursday. It said all or most had weaknesses in access controls,…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
configuration management controls, segregation of duties, contingency planning and security management. GAO covered all cabinet departments, except Defense, and agencies such as NASA, the Office of Personnel Management and Small Business Administration. From FY 2006-15, information security incidents rose 1,303 percent to 77,183. In FY 2016, the number decreased to 30,899, probably due to changes in reporting guidelines. GAO said they "no longer required agencies to report noncyber incidents or incidents categorized as scans, probes, and attempted access." It said use of the National Cybersecurity Protection System that detects or blocks potential malicious network traffic also may have been a reason.