In a new report, the Government Accountability Office identified program and control deficiencies in the Federal Communications Commission’s Electronic Comment Filing System. GAO found issues in the core security functions related to identifying risk, protecting systems from threats and vulnerabilities, detecting and responding to cyber security events, and recovering system operations. GAO previously found that FCC […]
An audit by GAO found that the Department of Defense has not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene: 2015 DOD Cybersecurity Culture and Compliance Initiative: 7 out of 11 tasks due to be implemented in 2016 have not been fully implemented. 2015 DOD Cyber Discipline Implementation Plan: […]
Agency’s Discussions Did Not Lull Protester Into False Sense of Complacency; Community Education Centers,...
Protest challenging agency’s conduct of discussions and evaluation is denied. The protester contended the agency conducted misleading discussions concerning price reasonableness that lulled the protester into a false sense of security. But an agency is only required to raise a price reasonableness issue in discussions if it finds the offeror’s price unreasonable. Here, the agency […]
Office of Congressional Workplace Rights: Weaknesses in Cybersecurity Management and Oversight Need to Be...
The Office of Congressional Workplace Rights enforces fair employment and occupational safety and health rules in the legislative branch. Congress passed a 2018 law that, among other things, required the office to create a secure online system for discrimination and harassment claims. In a new report, GAO found weaknesses in the office’s project planning, system […]
Information Security: VA and Other Federal Agencies Need to Address Significant Challenges, November 14,...
Federal agencies, including the Department of Veterans Affairs, continue to have deficient information security programs. For example, in fiscal year 2018, inspectors general used a five-level maturity model to rate agency information security policies, procedures, and practices related to the five core security functions – identify, protect, detect, respond, and recover – established by the […]
The GAO conducted a government-wide review of IT workforce planning. It found that federal agencies varied widely in their efforts to implement key information technology workforce planning activities that are critical to ensuring that agencies have the staff they need to support their missions. Specifically, at least 23 of the 24 agencies GAO reviewed partially […]
EPA Still Unable to Validate that Contractors Received Role-Based Training for Information Security Protection
The Environmental Protection Agency’s Office of Inspector General reports that the agency has limited assurance that contractor personnel are maintaining skills needed to combat efforts to destroy, steal, or hold for ransom the EPA’s systems and sensitive information. Due to unfamiliarity with requirements and ambiguity about who was responsible, only 7 of 21 EPA offices […]
The Cybersecurity Committee of the National Association of Secretaries of State has issued a new resource guide to help offices of Secretaries of State navigate available cybersecurity resources, including understanding the circumstances in which they may be useful, the differences between them, how to access them, and other relevant information. The guide covers resources […]
Responding to an allegation that software and hardware used by the Energy Department’s Office of the CIO had no manufacturer support or updates/patches, the department’s Office of Inspector General initiated an audit to determine whether the agency was managing its cybersecurity in accordance with requirements, and found that it had not. In three information systems […]
In an audit to determine the capabilities and practices of the Commerce Department to carry out cybersecurity information sharing, consistent with the Cybersecurity Information Sharing Act of 2015, the agency’s Office of Inspector General found that: The department lacked an internal automated sharing capability, resulting in a tedious manual process to ingest or share cyber […]