Access controls

Access controls fall short in most agencies

If access control is the front line of cyber defense, federal agencies are in a vulnerable position, according to the Government Accountability Office. All 24 of the major executive branch agencies evaluated by the GAO had weaknesses in access control in fiscal 2011, the latest year for such an evaluation.

GAO analyzed inspector general and other reports to identify weaknesses in five critical areas of security controls, including configuration management, segregation of duties, continuity of operations planning and information security programs.

Most agencies showed weaknesses in all of these areas, but access control was the only area in which all agencies were lacking. Consistent shortfalls such as this are one reason information security has been designated a high-risk area by GAO since before the turn of this century.

The weaknesses persist despite the attention to cybersecurity of several successive administrations, according to the GAO, which identified seven significant challenges to enhancing federal cybersecurity and the nation’s critical infrastructure:

  • Implementing actions recommended by the president’s cybersecurity policy review
  • Updating the national strategy for securing the information and communications infrastructure
  • Reassessing the Department of Homeland Security’s planning approach to critical infrastructure protection
  • Strengthening public-private partnerships, particularly for information sharing
  • Enhancing the national capability for cyber warning and analysis
  • Addressing global aspects of cybersecurity and governance
  • Securing the modernized electricity grid, referred to as the smart grid.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected