The General Services Administration‘s inspector general has found that GSA has adopted multi-factor authentication for 11 of its 18 covered information technology systems in compliance with government policies for data systems.

GSA IG said in a report released Wednesday that the agency’s access control procedures comply with the National Institute of Standards and Technology’s standards, Office of Management and Budget guidance and other government policies.

The IG drafted the report to evaluate GSA’s IT practices and policies in compliance with the provisions of the Cybersecurity Act of 2015.

The report noted that 14 out of the 18 IT systems employ automated tools, such as IBM’s BigFix and BMC’s Blade Logic Operations Manager, in order to manage software inventories and licenses.

GSA has also implemented several measures to prevent loss of sensitive data, such as adoption of firewalls and intrusion detection tools, deployment of the Cloudlock platform to monitor excessive file exchanges in the Google environment and use of GSA’s security operations center dashboard to detect malicious network traffic.

The IG also cited that GSA has drafted policies that require IT service providers to comply with the agency’s IT security requirements.

Such policies include the GSA Procedural Guide to Security Language for IT Acquisition Efforts and the GSA IT Security Policy, according to the report.

The Interior Department‘s Office of Inspector General has recommended that DOI update its logical access control policies in order to meet current sensitive data protection requirements established by the National Institute of Standards and Technology.

DOI OIG said in an Aug.8 audit report it reviewed the department’s security policies and procedures that apply to its computer networks and systems related to logical access control practices, multifactor verification, software inventory, threat prevention and contract oversight.

The inspector general found that the department implemented multifactor authentication to protect its sensitive systems and software inventory management from unauthorized access.

DOI should implement measures to prevent unauthorized access to privileged functions as well as audit trails to monitor user access and prevent insider threats, the IG added.

The IG also urged the department to encrypt its mobile devices to protect sensitive data from theft when a device is lost or stolen.

Russell Fenton, a training and doctrine command capability manager at the U.S. Army‘s the defensive cyberspace operations branch, has said cyber operators should maneuver remotely or on site to provide quick security response as needed, C4ISR & Networks reported Wednesday.

He told the TechNet Augusta conference the Army seeks to test a forensics malware tool on the defensive cyber operations maneuver baseline at the branch’s Network Integration Evaluation 17.2, Mark Pomerleau reports.

Fenton said the forensics malware tool would apply enterprise-wide and that the goal is to create a regional cyber center to acquire the artifacts with the use of the technology, according to the publication.

The report said he believes legal issues are a significant factor in the adoption of remote capability.

“From the legal standpoint, are we able to do that?” he said.

“Because, again, you want to make sure that the evidence is not tainted or that its integrity is jeopardized in a way that an analyst can go in and actually find out what the heck happened.”