GAO Offers Recommendations for DLA to Improve Cybersecurity of Inventory Management Systems

GAO Offers Recommendations for DLA to Improve Cybersecurity of Inventory Management Systems
Systemically Important Critical Infrastructure

The Government Accountability Office (GAO) has called on the Defense Logistics Agency (DLA) to act on its recommendations to address deficiencies in the implementation of risk management steps in order to mitigate cybersecurity risks facing its inventory management systems.

GAO recommended that DLA update its standard operating procedures to require program offices to come up with a system-specific monitoring strategy that is consistent with the Department of Defense’s risk management framework and related National Institute of Standards and Technology (NIST) guidance, according to a report published Monday.

The head of DLA should also implement an approval process for system assessment plans and direct the cybersecurity office to create a process for program offices to evaluate the completeness and consistency of authorization documentation prior to the submission of the plans to the designated official for review.

The congressional watchdog made the recommendations after it found that DLA only partially addressed four of DOD’s six risk management steps for six selected systems for inventory management. Those steps are selecting security controls, authorizing the system, assessing and monitoring security controls.

“Until DLA addresses the identified deficiencies, the agency's management of cyber risks for critical systems will be impeded and potentially pose risks to other DOD systems that could be accessed if DLA's systems are compromised,” the report reads.

You may also be interested in...

Anthony Iasso

Anthony Iasso Named Xator CTO; CEO David Scott Quoted

The Xator Corporation announced on Friday that Anthony Iasso has been appointed the company’s new chief technology officer. Xator CEO David Scott elaborated that Iasso would take advantage of Xator’s key investments in the company’s acquisitions and tech capabilities to further propel its solution offerings for its customers.