Agencies lack infosec resources

OMB GISRA report

Federal agencies have the tools necessary to find and fix information security weaknesses but are struggling to find the appropriate resources and personnel to follow through, the General Accounting Office said April 16.

GAO's further assessment of agencies' security capabilities came in a letter to the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, in response to questions raised at a March 6 hearing held by Rep. Stephen Horn (R-Calif.), the subcommittee chairman. The hearing focused on the first reports issued under the Government Information Security Reform Act, which requires agencies to perform annual independent and self-assessments of their security practices.

"In past years, most reviews of information security controls were performed as part of agency financial statement audits and, thus, focused on financial systems," Robert Dacey, GAO's director for information security issues, wrote in the letter. "It is the extent of the weaknesses for [the] nonfinancial systems that are still not fully identified."

Agencies' inspectors general have GAO's Federal Information System Controls Audit Manual. However, performing these audits and assessments on all systems "will place a significant new burden on the existing audit capabilities of agency inspectors general and will require that they have appropriate resources to either perform or contract for the needed work," Dacey wrote.

Two significant barriers to agencies improving their security are obtaining appropriate security funding and finding personnel with the necessary technical expertise to select, implement and maintain security controls, Dacey wrote.

Featured

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

Stay Connected