GAO: Security flaws due to management
The title of the latest IT security report from the Government Accountability Office tells a familiar tale: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements.
The report found problems'indicated by a red box in the chart at left'across all 24 major executive-branch agencies in implementing the requirements of the Federal Information Security Management Act. The problems were identified as managerial rather than technical.
'These weaknesses exist primarily because agencies have not yet fully implemented strong information security management programs,' the study concluded.
GAO recommended that the Office of Management and Budget, which is charged with FISMA oversight, improve its guidance for annual FISMA reporting.
Nearly all of the agencies reviewed lacked adequate access controls, software change controls, continuity-of-operations planning and agencywide security programs.
To read the GAO report, go to www.gcn.com
and enter 465 in the GCN.com/box.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.