GAO offers cybersecurity recommendations to Homeland Security, Management and Budget

The Government Accountability Office (GAO) recently issued a series of cybersecurity enhancement recommendations to the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB).

The GAO maintains until agencies more effectively implement the government’s approach and strategy regarding safeguarding measures, federal systems will remain at risk – noting inspectors general (IGs) evaluated the maturity of their agencies’ information security programs using performance measures associated with the five core security functions—identify, protect, detect, respond and recover.

Chief information officers (CIOs) for 17 of the 23 agencies reported not meeting all elements of the government’s cybersecurity cross-agency priority goal, according to the GAO analysis. The goal was intended to improve cybersecurity performance by maintaining ongoing awareness of information security, vulnerabilities, and threats; and implementing technologies and processes that reduce malware risk.

The GAO made two recommendations to DHS, encouraging coordination with agencies to identify additional needs for training and guidance while offering seven recommendations to OMB to direct the Federal CIO to update the mandated report with required information, such as detecting advanced persistent threats.

The Federal Cybersecurity Enhancement Act of 2015 contained a provision for GAO to report on the effectiveness of the government’s approach and strategy for securing its systems.

GAO officials said DHS agreed with the recommendations while OMB did not indicate whether it concurred with the recommendations or not.