The good news: Federal agencies are making progress in implementing stronger information security regimes. The bad news: It hasn't helped much.
A new report released Friday by the Government Accountability Office (GAO) states that "overall" agencies are improving their systems security, but "pervasive weaknesses" still plague agencies and threaten the "integrity, confidentiality and availability" of federal information systems.
In addition, the GAO report states the weaknesses place financial data at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure and critical operations at risk of disruption.
According to the GAO, the weaknesses exist because agencies have not yet fully implemented the security measures mandated by the 2002 Federal Information Security Management Act (FISMA).
"As a result, federal operations and assets are at increased risk of fraud, misuse and destruction," the GAO report states. "In addition, these weaknesses place financial data at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure and critical operations at risk of disruption."
Across the 24 federal agencies it audited, the GAO study found five major areas of weakness: access controls, software change controls, segregation of duties, continuity of operations planning and agency-wide security programs.
The Departments of Defense, Homeland Security, Commerce, Transportation, Justice and Interior, the GAO states, have weaknesses in all five areas. FISMA requires each agency to have policies and procedures that ensure compliance with minimally acceptable system configuration requirements, as determined by the agency.
In fiscal year 2004, for the first time, agencies reported on the degree to which they had implemented security configurations for specific operating systems and software applications.