Information security (1 - 10 of 142 items)
Information Security: DHS Needs to Continue to Advance Initiatives to Protect Federal Systems
GAO-17-518T: Published: Mar 28, 2017. Publicly Released: Mar 28, 2017.
The Department of Homeland Security (DHS) is spearheading multiple efforts to improve the cybersecurity posture of the federal government. Among these, the National Cybersecurity Protection System (NCPS) provides a capability to detect and prevent potentially malicious network traffic from entering agencies' networks. In addition, DHS's continuous diagnostics and mitigation (CDM) program provides...
Cybersecurity: Actions Needed to Strengthen U.S. Capabilities
GAO-17-440T: Published: Feb 14, 2017. Publicly Released: Feb 14, 2017.
GAO has consistently identified shortcomings in the federal government's approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure informati...
Information Security: FDA Needs to Rectify Control Weaknesses That Place Industry and Public Health Data at Risk
GAO-16-513: Published: Aug 30, 2016. Publicly Released: Sep 29, 2016.
Although the Food and Drug Administration (FDA), an agency of the Department of Health and Human Services (HHS), has taken steps to safeguard the seven systems GAO reviewed, a significant number of security control weaknesses jeopardize the confidentiality, integrity, and availability of its information and systems. The agency did not fully or consistently implement access controls, which are inte...
Federal Information Security: Actions Needed to Address Challenges
GAO-16-885T: Published: Sep 19, 2016. Publicly Released: Sep 20, 2016.
Cyber incidents affecting federal agencies have continued to grow, increasing about 1,300 percent from fiscal year 2006 to fiscal year 2015.Cyber Incidents Reported by Federal Agencies, Fiscal Year 2006--2015Several laws and policies establish a framework for the federal government's information security and assign implementation and oversight responsibilities to key federal entities, including th...
Federal Chief Information Security Officers: Opportunities Exist to Improve Roles and Address Challenges to Authority
GAO-16-686: Published: Aug 26, 2016. Publicly Released: Sep 15, 2016.
Under the Federal Information Security Modernization Act of 2014 (FISMA 2014), the agency chief information security officer (CISO) has the responsibility to ensure that the agency is meeting the requirements of the law, including developing, documenting, and implementing the agency-wide information security program. However, 13 of the 24 agencies GAO reviewed had not fully defined the role of the...
Information Security: FDIC Implemented Controls over Financial Systems, but Further Improvements are Needed
GAO-16-605: Published: Jun 29, 2016. Publicly Released: Jun 29, 2016.
The Federal Deposit Insurance Corporation (FDIC) has implemented numerous information security controls intended to protect its key financial systems; however, weaknesses remain that place the confidentiality, integrity, and availability of financial systems and information at risk. During calendar year 2015, the corporation continued to devote attention to securing its financial information and s...
Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems
GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016.
In GAO's survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies also noted that attacks delivered through e-mail were the most serious and frequent. During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting...
Information Security: Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
GAO-16-493: Published: Apr 28, 2016. Publicly Released: Apr 28, 2016.
The Securities and Exchange Commission (SEC) improved its information security by addressing weaknesses previously identified by GAO, including separating the user production network from the internal management network. However, weaknesses continue to limit the effectiveness of other security controls. In particular:While SEC had issued policies and implemented controls based on those policies, i...
Information Security: IRS Needs to Further Enhance Controls over Taxpayer and Financial Data
GAO-16-590T: Published: Apr 14, 2016. Publicly Released: Apr 14, 2016.
In March 2016 GAO reported that the Internal Revenue Service (IRS) had instituted numerous controls over key financial and tax processing systems; however, it had not always effectively implemented safeguards intended to properly restrict access to systems and information. In particular, while IRS had improved some of its access controls, weaknesses remained with identifying and authenticating use...
Information Security: IRS Needs to Further Improve Controls over Financial and Taxpayer Data
GAO-16-398: Published: Mar 28, 2016. Publicly Released: Mar 28, 2016.
The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its information systems that process sensitive taxpayer and fina...