GAO Finds DHS Directives Effective in Helping Federal Agencies Address Cyber Risks

The Government Accountability Office has said the binding operational directives issued by the Department of Homeland Security have been effective in helping federal agencies strengthen their cybersecurity posture.

For instance, agencies were able to mitigate about 2,500 of the 3,600 detected cyber vulnerabilities within 30 days in response to a 2015 directive on critical vulnerability mitigation, GAO said Tuesday.

Other DHS directives GAO cited that have helped improve federal cybersecurity are the 2016 directive on Threat to Network Infrastructure Devices and the Securing High Value Assets initiative.

The congressional watchdog also found that DHS faces challenges when it comes to meeting the requirements of the directives and validating self-reported actions of agencies.

GAO offered four recommendations to help DHS address these issues, including developing a strategy to validate agencies’ self-reported measures on fulfilling the directives’ requirements using a risk-based approach and determining when to coordinate with the National Institute of Standards and Technology and other stakeholders in the directive development process.