Finding Federal Cybersecurity Weaknesses: GAO Issues New Cybersecurity Guide
WASHINGTON, D.C (September 28, 2023) – As the risks to IT systems supporting the federal government and the nation’s critical infrastructure increase and security threats continue to evolve, the U.S. Government Accountability Office (GAO) today issued a new guide for conducting cybersecurity performance audits. The GAO Cybersecurity Program Audit Guide provides guidance to help the Congress, federal agencies, state and local auditors, the private sector and non-profits identify cybersecurity program weaknesses and develop appropriate recommendations for corrective actions.
“Ensuring the cybersecurity of our nation’s information systems has been a priority for GAO since we designated it a high-risk area in 1997 and expanded to include critical infrastructure protection in 2003. That commitment continues today with the issuance of this new guidebook for auditing our nation’s cybersecurity programs,” said Gene L. Dodaro, U.S. Comptroller General and head of the GAO. “By adhering to this guidance, both the public and private sectors will be better prepared to protect the government’s vital information systems against cybersecurity attacks.”
Developed with the help of federal officials as well as industry experts, this guidebook outlines the methodology for performing cybersecurity control audits in accordance with professional standards. Included are illustrative examples of audit procedures that auditors and analysts can use to evaluate components of agency cybersecurity programs, initiate corrections, and prevent attacks.
This guide is intended to help develop plans and procedures for the auditing of cybersecurity programs in the following areas:
- asset and risk management
- configuration management
- identity and access management
- continuous monitoring
- incident response
- contingency planning and recovery
The 2023 GAO Cybersecurity Audit Guide is available on GAO’s website. For more information, contact Nick Marinos, Managing Director Information Technology and Cybersecurity, at (202) 512-9342 or Chuck Young, Managing Director of Public Affairs, at 202-512-4800.
#####
The Government Accountability Office, known as the investigative arm of Congress, is an independent, nonpartisan agency that exists to support Congress in meeting its constitutional responsibilities. GAO also works to improve the performance of the federal government and ensure its accountability to the American people. The agency examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO provides Congress with timely information that is objective, fact-based, nonideological, fair, and balanced. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.