Information Technology: DHS Directives Have Strengthened Federal Cybersecurity, but Improvements Are Needed, Report to Congressional Requesters
From the GAO [Government Accountability Office] Highlights: "DHS plays a key role in federal cybersecurity. FISMA [Federal Information Security Modernization Act of 2014] authorized DHS, in consultation with the Office of Management and Budget, to develop and oversee the implementation of compulsory directives--referred to as binding operational directives--covering executive branch civilian agencies. These directives require agencies to safeguard federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk. Since 2015, DHS has issued eight directives that instructed agencies to, among other things, (1) mitigate critical vulnerabilities discovered by DHS through its scanning of agencies' internet-accessible systems; (2) address urgent vulnerabilities in network infrastructure devices identified by DHS; and (3) better secure the government's highest value and most critical information and system assets."
Government Accountability Office: https://www.gao.gov/