GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
Each year, we make more than 1,000 recommendations to help improve the federal government. We alert department heads to the recommendations where they can save the most money, address issues on our High Risk List, or significantly improve government operations.
In fiscal year 2019, our work yielded a record $214.7 billion in financial benefits, a return of about $338 for every dollar invested in us. We also identified 1,418 other benefits that led to better services for the American people and other improvements across government.
Q: How does the government help keep banks, water systems, and other critical infrastructure from getting hacked?
A: A federal agency that issues standards and procedures—NIST—has a cybersecurity framework that critical infrastructure organizations can adopt.
What GAO Found Seven designated agencies--the Departments of Homeland Security, Justice, Defense, Commerce, Energy, and the Treasury, and the Office of the Director of National Intelligence--developed government-wide policies, procedures, and guidelines to assist federal and nonfederal entities in their...
What GAO Found Reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system's development life cycle and could create an unacceptable risk to federal agencies.
What GAO Found As required by the Federal Cybersecurity Workforce Assessment Act of 2015 (act), the Office of Personnel Management (OPM) developed a cybersecurity coding structure under the National Initiative for Cybersecurity Education (NICE) as well as procedures for assigning codes to federal civilian...
What GAO Found Most of the 16 critical infrastructure sectors took action to facilitate adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity by entities within their sectors.