GAO: Security flaws due to management

The title of the latest IT security report from the Government Accountability Office tells a familiar tale: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements.

The report found problems'indicated by a red box in the chart at left'across all 24 major executive-branch agencies in implementing the requirements of the Federal Information Security Management Act. The problems were identified as managerial rather than technical.

'These weaknesses exist primarily because agencies have not yet fully implemented strong information security management programs,' the study concluded.

GAO recommended that the Office of Management and Budget, which is charged with FISMA oversight, improve its guidance for annual FISMA reporting.

Nearly all of the agencies reviewed lacked adequate access controls, software change controls, continuity-of-operations planning and agencywide security programs.

To read the GAO report, go to www.gcn.com and enter 465 in the GCN.com/box.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above