ABSTRACT

Cybersecurity: Preliminary Results Show That Agencies' Implementation of FISMA Requirements Was Inconsistent, Testimony Before the Committee on Oversight and Reform, House of Representatives

From the GAO (Government Accountability Office) Highlights: "Federal systems are highly complex and dynamic, technologically diverse, and often geographically dispersed. Without proper safeguards, computer systems are increasingly vulnerable to attack. As such, since 1997, GAO has designated information security as a government-wide high-risk area. FISMA [Federal Information Security Modernization Act of 2014] was enacted to provide federal agencies with a comprehensive framework for ensuring the effectiveness of information security controls. FISMA requires federal agencies to develop, document, and implement an information security program to protect the information and systems that support the operations and assets. It also includes a provision for GAO to periodically report on agencies' implementation of the act. This testimony discusses GAO's preliminary results from its draft report in which the objectives were to (1) describe the reported effectiveness of federal agencies' implementation of cybersecurity policies and practices and (2) evaluate the extent to which relevant officials at federal agencies consider FISMA to be effective at improving the security of agency information systems. To do so, GAO reviewed the 23 civilian CFO Act [Chief Financial Officers Act of 1990] agencies' FISMA reports, agency-reported performance data, past GAO reports, and OMB [United States Office of Management and Budget] documentation and guidance. GAO also interviewed agency officials from the 24 CFO Act agencies (i.e., the 23 civilian CFO Act agencies and the Department of Defense)."

Report Number:
GAO-22-105637
Author:
Publisher:
Date:
2022-01-11
Copyright:
Public Domain
Retrieved From:
Government Accountability Office: https://www.gao.gov/
Format:
pdf
Media Type:
application/pdf