GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
Cyber insurance can help offset the costs of responding to and recovering from cyberattacks. The growing frequency and severity of cyberattacks have led more insurance clients to opt for cyber coverage—up from 26% in 2016 to 47% in 2020.
Q: How does the government help keep banks, water systems, and other critical infrastructure from getting hacked?
A: A federal agency that issues standards and procedures—NIST—has a cybersecurity framework that critical infrastructure organizations can adopt.
Federal agencies are increasingly using cloud computing services. Cloud computing offers benefits but also poses cybersecurity risks. OMB requires agencies to use the Federal Risk and Authorization Management Program to authorize their use of cloud services.
What GAO Found Seven designated agencies--the Departments of Homeland Security, Justice, Defense, Commerce, Energy, and the Treasury, and the Office of the Director of National Intelligence--developed government-wide policies, procedures, and guidelines to assist federal and nonfederal entities in their...
What GAO Found Most of the 16 critical infrastructure sectors took action to facilitate adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity by entities within their sectors.
Pursuant to a congressional request, GAO reviewed software change controls at the Department of the Treasury, focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the...