Federal agencies (21 - 30 of 87 items)
Information Security: VA Needs to Address Long-Standing Challenges
GAO-14-469T: Published: Mar 25, 2014. Publicly Released: Mar 25, 2014.
The Department of Veterans Affairs (VA) continues to face long-standing challenges in effectively implementing its information security program. Specifically, from fiscal year 2007 through 2013, VA has consistently had weaknesses in key information security control areas (see table).Control Weaknesses for Fiscal Years 2007-2013Security control category2007200820092010201120122013Access controlâœ“â...
Critical Infrastructure Protection: More Comprehensive Planning Would Enhance the Cybersecurity of Public Safety Entities' Emerging Technology
GAO-14-125: Published: Jan 28, 2014. Publicly Released: Jan 28, 2014.
The five identified federal agencies (Departments of Homeland Security, Commerce, Justice, and Transportation and Federal Communications Commission (FCC)) have to varying degrees, coordinated cybersecurity-related activities with state and local governments. These activities included (1) supporting critical infrastructure protection-related planning, (2) issuing grants, (3) sharing information, (4...
Information Security: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent
GAO-14-34: Published: Dec 9, 2013. Publicly Released: Jan 8, 2014.
The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified by the Office of Management and Budget (OMB) and the National Institute of Standards and Technology. The agencies reviewed generally addressed key management an...
Federal Information Security: Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness
GAO-13-776: Published: Sep 26, 2013. Publicly Released: Sep 26, 2013.
In fiscal year 2012, 24 major federal agencies had established many of the components of an information security program required by The Federal Information Security Management Act of 2002 (FISMA); however, they had partially established others. FISMA requires each federal agency to establish an information security program that incorporates eight key components, and each agency inspector general...
Cybersecurity: A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges
GAO-13-462T: Published: Mar 7, 2013. Publicly Released: Mar 7, 2013.
The federal government continues to face challenges in a number of key areas in effectively implementing cybersecurity; these challenge areas include the following, among others:Designing and implementing risk-based cybersecurity programs at federal agencies. Shortcomings persist in assessing risks, developing and implementing security programs, and monitoring results at federal agencies. This is...
Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented
GAO-13-187: Published: Feb 14, 2013. Publicly Released: Feb 14, 2013.
Threats to systems supporting critical infrastructure and federal operations are evolving and growing. Federal agencies have reported increasing numbers of cybersecurity incidents that have placed sensitive information at risk, with potentially serious impacts on federal and military operations; critical infrastructure; and the confidentiality, integrity, and availability of sensitive government,...
Driver's License Security: Federal Leadership Needed to Address Remaining Vulnerabilities
GAO-12-893: Published: Sep 21, 2012. Publicly Released: Sep 21, 2012.
To verify license applicants' identity, all 50 states and the District of Columbia have procedures that may detect counterfeit documents. For example, all states are now verifying key personal information, such as Social Security numbers (SSN) through online queries to a Social Security Administration (SSA) database, a significant increase from about a decade ago. This effort helps ensure that the...
Information Security: Better Implementation of Controls for Mobile Devices Should Be Encouraged
GAO-12-757: Published: Sep 18, 2012. Publicly Released: Sep 18, 2012.
Threats to the security of mobile devices and the information they store and process have been increasing significantly. For example, the number of variants of malicious software, known as Â“malware,Â” aimed at mobile devices has reportedly risen from about 14,000 to 40,000 or about 185 percent in less than a year (see figure). Cyber criminals may use a variety of attack methods, including interce...
Information Security: Cyber Threats Facilitate Ability to Commit Economic Espionage
GAO-12-876T: Published: Jun 28, 2012. Publicly Released: Jun 28, 2012.
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These sources include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can inc...
Cybersecurity: Threats Impacting the Nation
GAO-12-666T: Published: Apr 24, 2012. Publicly Released: Apr 24, 2012.
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal gr...