Cybersecurity leader Larry Zelvin claims "core citizen-facing websites are not exposed to risks" from the security flaw.
The Cyber Defense Exercise, now in its 14th year, is designed to put classroom lessons to use in the real world.
The two-day, closed-door exercise brought together contractors and defense agencies in a test of cyberwarfare.
IRS.gov and HealthCare.gov remain secure, while GSA defends the reliability of open source software.
Government has barely scratched the surface of what it could achieve in R&D with more, better and bigger prize competitions, experts say.
The IRS has failed to consistently install appropriate patches on all databases and servers to protect against known vulnerabilities, GAO found.
The aim is to provide a common language that makes it easier to share data from disparate sources, along with tools and techniques to make the sharing safer.
The Section 516 rule seeks to eliminate IT gear from firms that are responsible for cyberattacks on U.S. companies or have ties to China's military.
The department's inspector general says backup plans for the systems that support workplace as a service are inadequate.
Continuous diagnostics and mitigation will allow agencies to have a clearer view of vulnerability gaps, and could also aid forensic investigators after the fact.
The spectrum in question is used by federal agencies, which would share frequencies with commercial entities.
"Where I see failures happening in implementation is when people try to do too much all at one time," says Guidance Software’s Chad McManamy.