The General Services Administration‘s inspector general has found that GSA has adopted multi-factor authentication for 11 of its 18 covered information technology systems in compliance with government policies for data systems.
GSA IG said in a report released Wednesday that the agency’s access control procedures comply with the National Institute of Standards and Technology’s standards, Office of Management and Budget guidance and other government policies.
The IG drafted the report to evaluate GSA’s IT practices and policies in compliance with the provisions of the Cybersecurity Act of 2015.
The report noted that 14 out of the 18 IT systems employ automated tools, such as IBM’s BigFix and BMC’s Blade Logic Operations Manager, in order to manage software inventories and licenses.
GSA has also implemented several measures to prevent loss of sensitive data, such as adoption of firewalls and intrusion detection tools, deployment of the Cloudlock platform to monitor excessive file exchanges in the Google environment and use of GSA’s security operations center dashboard to detect malicious network traffic.
The IG also cited that GSA has drafted policies that require IT service providers to comply with the agency’s IT security requirements.
Such policies include the GSA Procedural Guide to Security Language for IT Acquisition Efforts and the GSA IT Security Policy, according to the report.
