The Government Accountability Office has evaluated the information security programs of federal agencies and the Office of Management and Budget’s performance in supervising these efforts.
GAO said Friday it found that the majority of its study’s 16 sample agencies exhibited weaknesses in most areas of security control.
The accountability office evaluated 16 agencies in eight security aspects required for these programs by the Federal Information Security Modernization Act of 2014. These aspects are: periodic risk assessment, cost-effective policies and procedures, subordinate plans for security, security training, periodic testing of controls, remedial actions process, incident response and continuity of operations.
Of the sample, 13 agencies showed weak performance in incident response, remedial actions and security training.
Inspectors general also found information security programs to be ineffective at 24 major agencies with chief financial officers, GAO noted.
The number of agencies OMB coordinated with for cybersecurity reviews has fallen from 24 to three over two fiscal years.
GAO recommends that OMB’s director submit yearly reports on the effectiveness of information security programs, boost coordination of cyber strategy meetings and work to ensure that inspector general reports align with FISMA requirements.