GAO: VA, NASA, OPM, NRC Should Address Lapses in Data System Access Controls

1 min read

cybersecurityThe Government Accountability Office has called on the Department of Veterans Affairs, NASA, Office of Personnel Management and the Nuclear Regulatory Commission to address weaknesses in their access controls for information systems that store sensitive data.

GAO said in a report released Tuesday the four federal agencies should also fully implement the components of their information security initiatives, such as security and remedial action plans as well as control assessments.

GAO made the recommendations after it found lapses in contingency planning, access controls and patch management operations across the four agencies.

The congressional audit agency also surveyed 24 federal agencies and found that 18 of them said they consider cyber attacks launched by foreign countries as the most serious threat to their data systems.

Out of 18 agencies, 11 reported 2,267 cyber incidents that compromised their information systems in fiscal year 2014, according to the report.

GAO also advised the Office of Management and Budget to complete the development of security plans and practices in order to help federal agencies protect their information infrastructure from cyber threats.