Agencies lack infosec resources

OMB GISRA report

Federal agencies have the tools necessary to find and fix information security weaknesses but are struggling to find the appropriate resources and personnel to follow through, the General Accounting Office said April 16.

GAO's further assessment of agencies' security capabilities came in a letter to the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, in response to questions raised at a March 6 hearing held by Rep. Stephen Horn (R-Calif.), the subcommittee chairman. The hearing focused on the first reports issued under the Government Information Security Reform Act, which requires agencies to perform annual independent and self-assessments of their security practices.

"In past years, most reviews of information security controls were performed as part of agency financial statement audits and, thus, focused on financial systems," Robert Dacey, GAO's director for information security issues, wrote in the letter. "It is the extent of the weaknesses for [the] nonfinancial systems that are still not fully identified."

Agencies' inspectors general have GAO's Federal Information System Controls Audit Manual. However, performing these audits and assessments on all systems "will place a significant new burden on the existing audit capabilities of agency inspectors general and will require that they have appropriate resources to either perform or contract for the needed work," Dacey wrote.

Two significant barriers to agencies improving their security are obtaining appropriate security funding and finding personnel with the necessary technical expertise to select, implement and maintain security controls, Dacey wrote.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.