Home / Civilian / GAO Report: State’s Info Security Program Limited

GAO Report: State’s Info Security Program Limited

Photo: Python.org

The State Department has developed a system for identifying and prioritizing information security risks but it does not paint a complete picture, a Government Accountability Office report said.

The department developed iPost, a program providing continuous monitoring capabilities of information security risk. The department also developed a scoring system for iPost.

GAO said the State Department, by developing iPost, has been at the forefront of federal efforts in developing and implementing a continuous monitoring capability.

However, the iPost scoring system does not cover all areas affecting information security risk. GAO found iPost addresses Windows hosts but not other IT assets on State’s unclassified network, does not score all information security components and did not demonstrate the extent to which scores are based on risk factors.

GAO recommended the State Department improve iPost by documenting existing controls to ensure the timeliness, accuracy and completeness of iPost data. GAO also recommended the department’s chief information officer consistently notify senior managers of the need for corrective actions.

Click here to read the full report.

Check Also

Andrew Charles: Navy Should Determine Where AI Fits Into System

Capt. Andrew Charles, director of tactical exploitation of national capabilities for the U.S. Navy, has said the service should determine where artificial intelligence technologies apply in its operations, and where they don't, Federal News Network reported Friday.

Leave a Reply

Your email address will not be published. Required fields are marked *