GAO: Agencies Overseeing Critical Sectors Must Ensure NIST Cybersecurity Framework Compliance


The Government Accountability Office has found that most organizations voluntarily agreed to adopt the National Institute of Standards and Technology's cybersecurity framework, but their overseeing agencies have yet to develop ways to ensure NIST compliance.

GAO said in its report published Tuesday that it studied 12 organizations that reported voluntary compliance with NIST’s Framework for Improving Critical Infrastructure Cybersecurity. The watchdog noted that five of the nine agencies with oversight of 16 critical infrastructure sectors have yet to establish methods for determining organizations’ adoption of the cybersecurity framework.

According to GAO, the 12 organizations reported progress, such as risk identification and standardized guidelines, upon implementation of the NIST framework.

The overseeing entities, known as sector-specific agencies, reported that they were unable to provide information on the improvements due to the framework’s voluntary nature as well as a lack of metrics and a centralized information-sharing procedure.

GAO said that until the SSAs establish a method for reporting sector-wide improvements, the “extent to which the 16 critical infrastructure sectors are better protecting their critical infrastructures from threats will be largely unknown.”
