/>
X

Agencies fail to comply with FISMA

GAO report finds agencies fail to test their security controls regularly and consistently, calls on OMB to issue further directives.
zd-defaultauthor-richard-koman.jpg
Written by Richard Koman on
Federal agencies are failing to test their IT security controls consistently, a new General Accounting Office report has found, Government Accounting News reports.
“Federal agencies have not adequately designed and effectively implemented policies for periodically testing and evaluating information security controls,” the GAO concluded after surveying 24 major agencies and conducting in-depth case studies on 30 IT systems at six of the agencies.

The report was ordered by Rep. Tom Davis (R-Va.), the original sponsor of FISMA, the Federal Information Security Management Act. Apparently no agencies are compliant with the law, passed in 2002.

"What this shows is that we have a long way to go to ensure Americans the information their government keeps about them is safe," Davis said in a release. "We're going to do this, but it's going to take time."

GAO recommends that OMB instruct agencies to develop and implement policies on periodic testing and evaluation, and revise instructions for future FISMA reporting by inspectors general to include assessments on the quality of agencies’ testing processes.

“We received oral comments on a draft of this report from representatives” at OMB, the GAO reported. “The representatives agreed to consider our recommendations as part of their oversight responsibilities for information security at federal agencies.”

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones
The best iPhone deals available right now: July 2022
iphone 12 vs iphone 11 cnet.jpg

The best iPhone deals available right now: July 2022

iPhone