Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical...
The Chemical Facility Anti-Terrorism Standards (CFATS) program within the Department of Homeland Security (DHS) evaluates high-risk chemical facilities’ cybersecurity efforts via inspections that include reviewing policies and procedures, interviewing relevant officials, and verifying facilities’ implementation of agreed-upon security measures. In a recent audit, GAO found that the CFATS program has guidance designed to help the […]
In response to a request from Congress for a review of federal agencies’ information and communications technology (ICT) supply chain risk management (SCRM) practices, the Government Accountability Office found that no federal agency had fully implemented the approach. GAO found that few of the 23 civilian Chief Financial Officers Act agencies had implemented seven selected foundational […]
The Government Accountability Office has issued a report about the Equifax breach, in which hackers stole the personal data of nearly 150 million people in 2017. Equifax explained that hackers exploited vulnerabilities in the firm’s systems to access and steal data. During an investigation into the breach, Equifax discovered several factors that contributed to the […]
In a new report, the Congressional Research Service examines the Department of Defense’s Cybersecurity Maturity Model Certification framework, offering an overview and analysis of issues for Congress associated with the CMMC framework, and discussing congressional considerations related to DoD’s efforts to mitigate cybersecurity risks and vulnerabilities within the defense industrial base in the performance of its […]
Blank Rome has contributed an article to the latest edition of Pratt's Privacy and Cybersecurity and Law Report discussing the enactment of California’s Internet of...
Key practices for establishing an agency-wide cybersecurity risk management program include designating a cybersecurity risk executive, developing a risk management strategy and policies to facilitate risk-based decisions, assessing cyber risks to the agency, and establishing coordination with the agency’s enterprise risk management program. Although the 23 agencies GAO reviewed almost always designated a risk executive, […]
GAO was asked to evaluate federal agencies’ cybersecurity requirements and related assessment programs for state agencies. The objectives were to determine the extent to...
The Federal Aviation Administration, Indian Health Service, and Small Business Administration have deployed tools intended to provide cybersecurity data to support the DHS Continuous Diagnostics and Mitigation program, according to a new report from GAO. However, while all three agencies reported that the program improved their network awareness, none had effectively implemented all key CDM […]
The GAO conducted a government-wide review of IT workforce planning. It found that federal agencies varied widely in their efforts to implement key information technology workforce planning activities that are critical to ensuring that agencies have the staff they need to support their missions. Specifically, at least 23 of the 24 agencies GAO reviewed partially […]