Agencies lack infosec resources

OMB GISRA report

Federal agencies have the tools necessary to find and fix information security weaknesses but are struggling to find the appropriate resources and personnel to follow through, the General Accounting Office said April 16.

GAO's further assessment of agencies' security capabilities came in a letter to the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, in response to questions raised at a March 6 hearing held by Rep. Stephen Horn (R-Calif.), the subcommittee chairman. The hearing focused on the first reports issued under the Government Information Security Reform Act, which requires agencies to perform annual independent and self-assessments of their security practices.

"In past years, most reviews of information security controls were performed as part of agency financial statement audits and, thus, focused on financial systems," Robert Dacey, GAO's director for information security issues, wrote in the letter. "It is the extent of the weaknesses for [the] nonfinancial systems that are still not fully identified."

Agencies' inspectors general have GAO's Federal Information System Controls Audit Manual. However, performing these audits and assessments on all systems "will place a significant new burden on the existing audit capabilities of agency inspectors general and will require that they have appropriate resources to either perform or contract for the needed work," Dacey wrote.

Two significant barriers to agencies improving their security are obtaining appropriate security funding and finding personnel with the necessary technical expertise to select, implement and maintain security controls, Dacey wrote.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected