Cybersecurity : OMB should update inspector general reporting guidance to increase rating consistency and precision : report to congressional committees.
Publication Info.
Washington, D.C. : United States Government Accountability Office, 2022.
Connect to
Copies
Description
1 online resource (iii, 63 pages) : color illustrations
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Note
"March 2022."
"GAO-22-104364."
Bibliography
Includes bibliographical references.
Contents
Background. -- Agency, IG, and GAO reports highlight agencies' uneven effectiveness in implementing cybersecurity requirements. -- Agency officials reported that FISMA improved their cybersecurity programs but also identified impediments and suggested improvements. -- Conclusions. -- Recommendations for executive action. -- Agency comments and our evaluation. -- Appendices.
Summary
Since 1997, GAO has designated information security as a government-wide high-risk area. To protect federal information and systems, FISMA requires federal agencies to develop, document, and implement information security programs. GAO's objectives in this report were to (1) describe the reported effectiveness of federal agencies' implementation of cybersecurity policies and practices and (2) evaluate the extent to which relevant officials at federal agencies consider FISMA to be effective at improving the security of agency information systems. GAO is making two recommendations that OMB, in consultation with others, clarify its guidance to IGs and create a more precise overall rating scale.
Note
Description based on online resource, PDF version; title from cover (GAO, viewed on May 6, 2022).