Software (1 - 6 of 6 items) in Past Year
Information Security: FDA Needs to Rectify Control Weaknesses That Place Industry and Public Health Data at Risk
GAO-16-513: Published: Aug 30, 2016. Publicly Released: Sep 29, 2016.
Although the Food and Drug Administration (FDA), an agency of the Department of Health and Human Services (HHS), has taken steps to safeguard the seven systems GAO reviewed, a significant number of security control weaknesses jeopardize the confidentiality, integrity, and availability of its information and systems. The agency did not fully or consistently implement access controls, which are inte...
Federal Information Security: Actions Needed to Address Challenges
GAO-16-885T: Published: Sep 19, 2016. Publicly Released: Sep 20, 2016.
Cyber incidents affecting federal agencies have continued to grow, increasing about 1,300 percent from fiscal year 2006 to fiscal year 2015.Cyber Incidents Reported by Federal Agencies, Fiscal Year 2006--2015Several laws and policies establish a framework for the federal government's information security and assign implementation and oversight responsibilities to key federal entities, including th...
Information Security: FDIC Implemented Controls over Financial Systems, but Further Improvements are Needed
GAO-16-605: Published: Jun 29, 2016. Publicly Released: Jun 29, 2016.
The Federal Deposit Insurance Corporation (FDIC) has implemented numerous information security controls intended to protect its key financial systems; however, weaknesses remain that place the confidentiality, integrity, and availability of financial systems and information at risk. During calendar year 2015, the corporation continued to devote attention to securing its financial information and s...
Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems
GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016.
In GAO's survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies also noted that attacks delivered through e-mail were the most serious and frequent. During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting...
Vehicle Cybersecurity: DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
GAO-16-350: Published: Mar 24, 2016. Publicly Released: Apr 25, 2016.
Modern vehicles contain multiple interfaces—connections between the vehicle and external networks—that leave vehicle systems, including safety-critical systems, such as braking and steering, vulnerable to cyberattacks. Researchers have shown that these interfaces—if not properly secured—can be exploited through direct, physical access to a vehicle, as well as remotely through short-range a...
Information Security: IRS Needs to Further Improve Controls over Financial and Taxpayer Data
GAO-16-398: Published: Mar 28, 2016. Publicly Released: Mar 28, 2016.
The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its information systems that process sensitive taxpayer and fina...