Information Security

Open Recommendations

Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements

GAO-24-105658
Dec 04, 2023
20 Open Recommendations
| Agency Affected | Recommendation | Status |
|---|---|---|
| Cybersecurity and Infrastructure Security Agency | The Director of CISA should ensure that when the agency updates the Federal Government Cybersecurity Incident & Vulnerability Response Playbooks that it provides additional detail to federal agencies on COOP planning and includes the requirement to provide both primary and secondary points of contact to CISA. (Recommendation 1) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Department of Commerce | The Secretary of Commerce should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 2) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Department of Education | The Secretary of Education should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 3) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Department of Energy | The Secretary of Energy should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 4) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Department of Health and Human Services | The Secretary of Health and Human Services should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 5) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Department of Homeland Security | The Secretary of Homeland Security should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 6) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |

Critical Infrastructure Protection: National Cybersecurity Strategy Needs to Address Information Sharing Performance Measures and Methods

GAO-23-105468
Sep 26, 2023
2 Open Recommendations
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of the National Cyber Director | The National Cyber Director should identify outcome-oriented performance measures for the eight cyber threat information sharing initiatives that are included in the National Cybersecurity Strategy Implementation Plan. (Recommendation 1) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Cybersecurity and Infrastructure Security Agency | The Director of CISA, in coordination with the 14 agencies, should conduct a comprehensive assessment of whether the current mix of centralized and federated sharing methods used by the agencies is the optimal approach to addressing the cyber threat sharing challenges—including whether existing sharing methods should be retired in favor of centralized or federated approaches. (Recommendation 2) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |

Security of Taxpayer Information: IRS Needs to Address Critical Safeguard Weaknesses

GAO-23-105395
Sep 11, 2023
16 Open Recommendations
| Agency Affected | Recommendation | Status |
|---|---|---|
| Congress | Congress should consider providing IRS with direct statutory authority to inspect receiving agencies' safeguards for taxpayer information shared under subsection 6103(c) of the Internal Revenue Code. (Matter for Consideration 1) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Internal Revenue Service | The Commissioner for Internal Revenue should officially assign the Human Capital Office responsibility for monitoring contractor training completion rates for courses related to protecting taxpayer information and ensure this role and responsibility is documented. (Recommendation 1) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Internal Revenue Service | The Commissioner for Internal Revenue should ensure that the Human Capital Office establish and document an agency-wide training completion goal for annual mandatory contractor training related to protecting taxpayer information. (Recommendation 2) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Internal Revenue Service | The Commissioner for Internal Revenue should ensure that the Human Capital Office monitor contractor training completion rates for courses related to protecting taxpayer information and take actions to ensure contractors complete training, such as sharing completion rates with contracting officer representatives (COR) and other appropriate offices. (Recommendation 3) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Internal Revenue Service | The Commissioner for Internal Revenue should ensure that the Enterprise Contract Oversight Center and other appropriate offices develop guidance for CORs on the process of documenting and reporting UNAX and unauthorized disclosure incidents, including processes for cases that are substantiated. (Recommendation 4) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| Internal Revenue Service | The Commissioner for Internal Revenue should ensure that the Enterprise Contract Oversight Center and other appropriate offices develop training for CORs on the process of documenting and reporting UNAX and unauthorized disclosure incidents, including processes for cases that are substantiated. (Recommendation 5) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |

Cybersecurity Workforce: National Initiative Needs to Better Assess Its Performance

GAO-23-105945
Jul 27, 2023
8 Open Recommendations
| Agency Affected | Recommendation | Status |
|---|---|---|
| National Institute of Standards and Technology | The Director of NIST should ensure that the Director of NICE develops a program performance plan with goals that are measurable. (Recommendation 1) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| National Institute of Standards and Technology | The Director of NIST should ensure that the Director of NICE updates the program's environmental scan documentation to include an assessment of how the outcomes and impacts of the identified programs, projects, and initiatives may affect the program's achievement of its performance plan and the strategic plan goals. (Recommendation 2) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| National Institute of Standards and Technology | The Director of NIST should ensure that the Director of NICE assesses and justifies the resources that the program requires to achieve its performance plan and the strategic plan goals. (Recommendation 3) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| National Institute of Standards and Technology | The Director of NIST should ensure that the Director of NICE establishes performance measures with a plan to collect the data needed to assess progress toward each performance goal. (Recommendation 4) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| National Institute of Standards and Technology | The Director of NIST should ensure that the Director of NICE regularly collects program performance information that is measurable, timely, accurate, and useful. (Recommendation 5) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |
| National Institute of Standards and Technology | The Director of NIST should ensure the Director of NICE reports measurable program performance information to stakeholders. (Recommendation 6) | Open. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information. |