GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
Increasingly sophisticated threats underscore the need to bolster the cybersecurity of the nation—a topic on our High Risk List.
We and others have noted an urgent need to clearly define a central leadership role to coordinate government efforts.
The Federal Communications Commission uses the Electronic Comment Filing System to receive public comments about proposed regulation changes.
In May 2017, a surge of more than 22 million comments disrupted the system making it unavailable.
In 2018, the administration released its government-wide reform plan aimed at making the federal government more efficient and effective. The Office of Management and Budget oversees the proposals with support from other lead agencies.
“Cyber hygiene” is a set of practices for managing the most common and pervasive cybersecurity risks. The Department of Defense’s cyber hygiene is critical as threats to its information and networks increase.
DOD has had 3 cyber hygiene initiatives underway.
Q: How does the government help keep banks, water systems, and other critical infrastructure from getting hacked?
A: A federal agency that issues standards and procedures—NIST—has a cybersecurity framework that critical infrastructure organizations can adopt.
Federal agencies are increasingly using cloud computing services. Cloud computing offers benefits but also poses cybersecurity risks. OMB requires agencies to use the Federal Risk and Authorization Management Program to authorize their use of cloud services.
What GAO Found Seven designated agencies--the Departments of Homeland Security, Justice, Defense, Commerce, Energy, and the Treasury, and the Office of the Director of National Intelligence--developed government-wide policies, procedures, and guidelines to assist federal and nonfederal entities in their...
What GAO Found Reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system's development life cycle and could create an unacceptable risk to federal agencies.