60% of cybersecurity recommendations ignored by Federal depts, says GAO

Share post:

According to the U.S. Government Accountability Office (GAO), Congress’ auditing and investigative arm, it has been shouting into the void since 2010, with approximately 60% of its 335 cybersecurity recommendations not being implemented.

Since 2010, GAO said it has made approximately 335 recommendations in public reports on developing a comprehensive cybersecurity strategy and performing oversight. GAO discovered that approximately 60% of those recommendations had not been implemented as of December 2022.

For example, in December 2020, GAO found that none of the 23 civilian agencies had fully implemented all seven foundational practices for supply chain risk management, and 14 had not implemented any of the practices.

GAO identified several recommendations, including addressing supply-chain risks, developing policies for managing supply chain risks, identifying and documenting an agency’s supply chain, and detecting counterfeit and compromised information and communications technologies (ICT) before they are deployed.

The agency also stated that government oversight must evolve to keep up with the rapid advancements in AI technologies, and that preparations must be made now for the arrival of quantum computing, which will bring its own set of cybersecurity threats.

Federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them, according to the government watchdog, until the recommendations are fully implemented.

The sources for this piece include an article in TheRegister.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways