The Government Accountability Office has recommended that the Office of Management and Budget and the Department of Homeland Security help federal agencies build up their capabilities to detect and prevent intrusions and other cyber threats.
Inspectors general at 23 civilian agencies covered under the Chief Financial Officers Act of 1990 assessed the data security programs of their organizations using performance measures related to five security functions and reported that 17 of those agencies did not effectively implement those programs, GAO said Tuesday.
Those five core security functions are identity, detect, protect, respond and recover.
Of the 23 civilian CFO Act agencies, GAO found that 17 agencies showed internal control-related deficiencies for financial reporting and 10 organizations were at risk for cyber incidents.
Twenty-one of 23 civilian agencies failed to “sufficiently” improve their email protection measures via the implementation of DHS’ email security directive, according to the GAO report.