Cybersecurity: Actions Needed to Strengthen U.S. Capabilities
Abstract
GAO has consistently identified shortcomings in the federal government's approach to ensuring the security of federal information systems and cyber critical infrastructure as well as its approach to protecting the privacy of personally identifiable information (PII). While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure information and information systems, the federal government needs to take the following actions to strengthen U.S. cybersecurity: Effectively implement risk-based entity-wide information security programs consistently over time. Among other things, agencies need to (1) implement sustainable processes for securely configuring operating systems, applications, workstations, servers, and network devices; (2) patch vulnerable systems and replace unsupported software; (3) develop comprehensive security test and evaluation procedures and conduct examinations on a regular and recurring basis; and (4) strengthen oversight of contractors providing IT services.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 14, 2017
- Accession Number: AD1153913
Entities
People
- Gregory C. Wilshusen
Organizations
- United States Government Accountability Office