Information Technology: Implementation of Recommendations Is Needed to Strengthen Acquisitions, Operations, and Cybersecurity

Abstract

The federal government planned to invest more than $96 billion in IT in fiscal year 2018. However, IT investments have often failed or contributed little to mission-related outcomes. Further, increasingly sophisticated threats and frequent cyber incidents underscore the need for effective information security. As a result, GAO added two areas to its high-risk list: cybersecurity in 1997 and the management of IT acquisitions and operations in 2015. This statement summarizes federal agencies progress in improving the management, and ensuring thesecurity, of federal IT. It is primarily based on GAOs reports issued between February 1997 and August 2018 (and an ongoing review) on (1) CIO responsibilities, (2) agency CIOs involvement in approving IT contracts, (3) data center consolidation efforts, (4) the management of software licenses, and (5) compliance with cybersecurity requirements. Since fiscal year 2010, GAO has made 1,242 recommendations to OMB and agencies to address shortcomings in IT acquisitions and operations. Since fiscal year 2010, GAO also has made over 3,000 recommendations to federal agencies to improve the security of federal systems. These recommendations include those to improve the implementation of CIO responsibilities, the oversight of the data center consolidation initiative, software license management efforts, and the strength of security programs and technical controls. Most agencies agreed with the recommendations, and GAO will continue to monitor their implementation.

Document Details

Document Type

Technical Report

Publication Date

Dec 12, 2018

Accession Number

AD1157567

Entities

Tags