Report: SEC Failed to Fully Implement 2017 Cloud Strategy

The Securities and Exchange Commission’s  Office of Inspector General released a report stating that the agency “did not fully implement its cloud strategy” and failed to execute an enterprise information technology approach to cloud migration.

According to the report, SEC lacked progress in its 2017 cloud strategy and launched only two pilot programs slated for implementation across an enterprise network. The IG also found that SEC’s contracts didn’t include security requirements and that there were incomplete or missing security assessment reports as well as Federal Risk and Authorization Management Program baseline controls.

“The conditions we observed occurred because the Office of IT  had not developed policies and procedures specific to cloud system security, or adequate processes to ensure compliance with FedRAMP baseline controls and enhancements for which the agency is responsible,” the report noted.

“As a result, the SEC has not yet fully realized the potential performance and economic benefits attributed to cloud computing services.”

Check Also

FireEye

FireEye to Provide Cybersecurity Defenses to Texas DIR; Pat Sheridan Quoted

FireEye, Inc. has announced that it will offer cyber security defenses to Texas public sector agencies, under Texas Department of Information Resources (DIR), the company reported on Thursday. Through the end of 2020, FireEye security products and Mandiant Solutions services will be available to all Texas agencies, county governments, cities and school districts through DIR’s Bulk Purchase Initiative for Endpoint Detection and Response (EDR) solutions.