Federal agencies (11 - 20 of 88 items)
Federal Information Security: Agencies Need to Correct Weaknesses and Fully Implement Security Programs
GAO-15-714: Published: Sep 29, 2015. Publicly Released: Sep 29, 2015.
Persistent weaknesses at 24 federal agencies illustrate the challenges they face in effectively applying information security policies and practices. Most agencies continue to have weaknesses in (1) limiting, preventing, and detecting inappropriate access to computer resources; (2) managing the configuration of software and hardware; (3) segregating duties to ensure that a single individual does n...
Information Security: Cyber Threats and Data Breaches Illustrate Need for Stronger Controls across Federal Agencies
GAO-15-758T: Published: Jul 8, 2015. Publicly Released: Jul 8, 2015.
Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from equipment failure or careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, or terrorists, among others. Threat actors use a variety of attack techniques that can adversely affect federal information, comp...
Cybersecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies
GAO-15-725T: Published: Jun 24, 2015. Publicly Released: Jun 24, 2015.
GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity, including the following:Designing and implementing a risk-based cybersecurity program.Enhancing oversight of contractors providing IT services.Improving security incident response activities.Responding to breaches of personal information.Implementing cybersecurity programs at small agencie...
Cybersecurity: Actions Needed to Address Challenges Facing Federal Systems
GAO-15-573T: Published: Apr 22, 2015. Publicly Released: Apr 22, 2015.
Federal and contractor systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from equipment failure, careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, or terrorists, among others. Threat actors use a variety of attack techniques that can adversely affect federal info...
Federal Facility Cybersecurity: DHS and GSA Should Address Cyber Risk to Building and Access Control Systems
GAO-15-6: Published: Dec 12, 2014. Publicly Released: Jan 12, 2015.
The Department of Homeland Security (DHS) has taken preliminary steps to begin to understand the cyber risk to building and access controls systems in federal facilities. For example, in 2013, components of DHS's National Protection and Programs Directorate (NPPD) conducted a joint assessment of the physical security and cybersecurity of a federal facility. However, significant work remains.Lack o...
Healthcare.gov: Information Security and Privacy Controls Should Be Enhanced to Address Weaknesses
GAO-14-871T: Published: Sep 18, 2014. Publicly Released: Sep 18, 2014.
Enrollment through Healthcare.gov is supported by the exchange of information among many systems and entities. The Department of Health and Human Services' (HHS) Centers for Medicare & Medicaid Services (CMS) has overall responsibility for key information technology (IT) systems supporting Healthcare.gov. These include, among others, the Federally Facilitated Marketplace (FFM) system, which facili...
Information Security: Agencies Need to Improve Oversight of Contractor Controls
GAO-14-612: Published: Aug 8, 2014. Publicly Released: Sep 8, 2014.
Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation of controls, five of the...
Information Security: Additional Oversight Needed to Improve Programs at Small Agencies
GAO-14-344: Published: Jun 25, 2014. Publicly Released: Jun 25, 2014.
The six small agencies GAO reviewed have made mixed progress in implementing elements of information security and privacy programs as required by the Federal Information Security Management Act of 2002, the Privacy Act of 1974, the E-Government Act of 2002, and Office of Management and Budget (OMB) guidance (see figure).Agencies' Implementation of Information Security and Privacy Elements in Fisca...
Maritime Critical Infrastructure Protection: DHS Needs to Better Address Port Cybersecurity
GAO-14-459: Published: Jun 5, 2014. Publicly Released: Jun 5, 2014.
Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited.While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific po...
Information Security: Agencies Need to Improve Cyber Incident Response Practices
GAO-14-354: Published: Apr 30, 2014. Publicly Released: May 30, 2014.
Twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information). Based on a statistical sample of cyber incidents reported in fiscal year 2012, GAO projects that these agencies did not completely document actions taken in response to detected incidents in about 65 percent of cas...