GAO: FDA Should Implement Agency-Wide Info Security Program to Address Risks

The Government Accountability Office has recommended the Food and Drug Administration fully implement an agency-wide information security program and take 166 specific actions to address gaps in information security controls.

GAO said in a report published Thursday the FDA has taken steps to protect seven GAO-reviewed systems that might jeopardize the confidentiality, integrity and availability of information and systems.

Auditors noted the FDA did not fully or consistently implement access controls designed to prevent, limit and detect unauthorized access to computing resources, and that 87 information security weaknesses were identified in access controls, configuration management, contingency planning and media protection.

GAO added the FDA did not protect boundaries of its network, identify and authenticate system users, limit user access, encrypt sensitive data, audit and monitor system activity or conduct physical security reviews on its facilities.

The watchdog cited control weaknesses as a product of a failure to implement an FDA-wide information security program required under the Federal Information Security Modernization Act of 2014 and the Federal Information Security Management Act of 2002.
