https://fcw.com/articles/2018/12/18/cyber-gao-report-johnson.aspx
By Derek B. Johnson
FCW.com
Dec 18, 2018
A new watchdog audit says that many big agencies aren't managing
cybersecurity risk by the book.
A Government Accountability Office report, largely based on
FISMA audits by agency inspectors general, found that 17 of 23 Chief
Financial Officer Act agencies are failing to effectively implement core
functions of the cybersecurity framework of the National Institute for
Standards and Technology.
Seventeen agencies had "material weaknesses and significant deficiencies"
in internal security controls and only 13 were found to be adequately
managing enterprise risk, according to the Dec. 18 report.
"Agencies' inspectors general determined that most of the 23 civilian CFO
Act agencies did not have effective agency-wide information security
programs," auditors wrote. "They also reported that agencies did not have
effective information security controls in place, leading to deficiencies
in internal control over financial reporting."
[...]