GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
What GAO Found The Department of Defense (DOD) has not fully implemented three of its key initiatives and practices aimed at improving cyber hygiene. Carnegie-Mellon University defines cyber hygiene as a set of practices for managing the most common and pervasive cybersecurity risks.
Export sales of defense-related products often include "offsets"-- industrial and commercial benefits, such as technology transfer, which U.S. companies provide to foreign governments as incentives or conditions for purchasing military goods and services.
The Federal Information Security Management Act of 2002 reauthorizes and expands the information security, evaluation, and reporting requirements enacted in the National Defense Authorization Act for Fiscal Year 2001.
Pursuant to a congressional request, GAO discussed federal agencies' compliance with the National Technology Transfer and Advancement Act, which directs federal agencies to use voluntary consensus standards, focusing on: (1) the National Institute of Standards and Technology's (NIST) and the Office of...