From the Introduction: "Federal agencies are responsible for collecting, processing, storing, and disposing of digital information. Managing that data and the systems using the data in a secure way requires undertaking planning, implementing processes, and conducting programming on behalf of the agency--commonly referred to as 'cybersecurity'. [...] This report begins with a discussion of cybersecurity principles and provides case examples of challenges to those principles. The report then provides an overview of policies related to federal cybersecurity by exploring and analyzing laws, agency guidance, and standards for cybersecurity, along with agency responsibilities for cybersecurity. This report concludes by examining options for Congress to address federal cybersecurity issues through updating statutes, requiring cyber incident reports, establishing cybersecurity funding levels, mandating the use of shared services, and/or requiring the adoption of modern cybersecurity tools."
CRS Report for Congress, R46926
Congressional Research Service: https://crsreports.congress.gov/