Skip to main content

Information Security

Jump To:

Recent Reports

View More Reports

Open Recommendations

Cybersecurity: Implementation of Executive Order Requirements is Essential to Address Key Actions
GAO-24-106343
Apr 18, 2024
Show
5 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should direct the Director of CISA to issue, in a timely manner, its list of software and software product categories that are considered critical software. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Homeland Security The Secretary of Homeland Security, through the Director of the CISA, should direct the Cyber Safety Review Board to document steps taken or planned to implement the recommendations provided to the President for improving the board's operations. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget The Director of OMB should demonstrate that the office has conducted, with pertinent federal agencies, cost analyses for the implementation of recommendations related to the sharing of threat information, as defined in the order. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget The Director of OMB should demonstrate that the office has coordinated with pertinent federal agencies regarding resourcing needs for the implementation of an endpoint detection and response capability, as defined in the order. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Office of Management and Budget The Director of OMB should demonstrate that the office has coordinated with pertinent federal agencies regarding resourcing needs for logging, log retention, and log management capabilities, as defined in the order. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cybersecurity: Improvements Needed in Addressing Risks to Operational Technology
GAO-24-106576
Mar 07, 2024
Show
4 Open Recommendations
Agency Affected Recommendation Status
Cybersecurity and Infrastructure Security Agency The Director of CISA should (1) measure customer service for all of its OT products and services and (2) use the results of such measures to make improvements to the products and services. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Cybersecurity and Infrastructure Security Agency The Director of CISA should (1) develop OT competency and staffing requirements, (2) assess OT competency and staffing gaps, and (3) develop strategies for filling any gaps. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Cybersecurity and Infrastructure Security Agency The Director of CISA should issue guidance on how SRMAs should update sector-specific plans that reflects the five selected leading collaboration practices when agencies are mitigating cyber OT risks. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Cybersecurity and Infrastructure Security Agency The Director of CISA should (1) develop an agency-wide policy on agreements with SRMAs regarding collaboration to mitigate OT risks and (2) implement that policy with the selected agencies. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Artificial Intelligence: Fully Implementing Key Practices Could Help DHS Ensure Responsible Use for Cybersecurity
GAO-24-106246
Feb 07, 2024
Show
8 Open Recommendations
Agency Affected Recommendation Status
Department of Homeland Security The Chief Technology Officer should expand its review process to include steps to verify the accuracy of its AI inventory submissions. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Homeland Security The Director of CISA should develop metrics to consistently measure progress toward all stated goals and objectives for Automated PII Detection. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Homeland Security The Director of CISA should clearly define the roles and responsibilities and delegation of authority of all relevant stakeholders involved in managing and overseeing the implementation of the Automated PII Detection component to ensure effective operations and sustained oversight. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Homeland Security The Director of CISA should document the sources and origins of data used to develop the Automated PII Detection component. (Recommendation 4)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Homeland Security The Director of CISA should take steps to assess and document the reliability of data used to enhance the representativeness, quality, and accuracy of the Automated PII Detection component. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Homeland Security The Director of CISA should document its process for optimizing the elements used within the Automated PII Detection component. (Recommendation 6)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Cybersecurity: National Cyber Director Needs to Take Additional Actions to Implement an Effective Strategy
GAO-24-106916
Feb 01, 2024
Show
2 Open Recommendations
Agency Affected Recommendation Status
Office of the National Cyber Director The Director of ONCD should work with relevant federal entities to assess the initiatives that lend themselves to outcome-oriented performance measures and develop such performance measures for those initiatives in a timely manner to gauge effectiveness in meeting the goals and objectives of the National Cybersecurity Strategy. (Recommendation 1)
Open
ONCD agreed with this recommendation and said it will assess the initiatives to identify those that warrant outcome-oriented performance measures. When we confirm what actions ONCD has taken in response to this recommendation, we will provide updated information.
Office of the National Cyber Director The Director of ONCD should work with relevant federal entities to assess the initiatives to identify those that warrant a cost estimate and develop such cost estimates. (Recommendation 2)
Open
ONCD disagreed with this recommendation. We continue to believe that the recommendation is valid because we identified initiatives that may require significant costs. As such, we will monitor ONCD's efforts to address this recommendation.
View More Recommendations

Related Pages