Access controls

Access controls fall short in most agencies

If access control is the front line of cyber defense, federal agencies are in a vulnerable position, according to the Government Accountability Office. All 24 of the major executive branch agencies evaluated by the GAO had weaknesses in access control in fiscal 2011, the latest year for such an evaluation.

GAO analyzed inspector general and other reports to identify weaknesses in five critical areas of security controls, including configuration management, segregation of duties, continuity of operations planning and information security programs.

Most agencies showed weaknesses in all of these areas, but access control was the only area in which all agencies were lacking. Consistent shortfalls such as this are one reason information security has been designated a high-risk area by GAO since before the turn of this century.

The weaknesses persist despite the attention to cybersecurity of several successive administrations, according to the GAO, which identified seven significant challenges to enhancing federal cybersecurity and the nation’s critical infrastructure:

  • Implementing actions recommended by the president’s cybersecurity policy review
  • Updating the national strategy for securing the information and communications infrastructure
  • Reassessing the Department of Homeland Security’s planning approach to critical infrastructure protection
  • Strengthening public-private partnerships, particularly for information sharing
  • Enhancing the national capability for cyber warning and analysis
  • Addressing global aspects of cybersecurity and governance
  • Securing the modernized electricity grid, referred to as the smart grid.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.