Agencies not in compliance cited problems including lack of staff, technical challenges and limitations in cyber threat information sharing. Image: Sergey Nivens/Shutterstock.com
By: FEDweek StaffOnly three of 23 Cabinet departments and largest independent agencies met OMB requirements for achieving by August a certain level of detecting, reporting, and responding to cybersecurity incidents, the GAO has said.
OMB in 2021 had required agencies to achieve within two years a “tier 3” level, meaning that logging requirements at all criticality levels are met. But GAO found that only three—Agriculture, NSF and SBA—had met that target while three others—GSA, SSA and USAID—were at the tier 1 (basic) level of compliance and the rest were at tier 0 (not effective).
Although the Defense Department is also one of the CFO Act agencies—which account for the vast majority of the federal workforce—it was not assessed because not all of the requirements apply there, GAO said.
Agencies not in compliance cited problems including lack of staff, technical challenges and limitations in cyber threat information sharing, GAO said. It said that efforts in all of those areas are underway but it still made 20 recommendations, saying that “until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate, and remediate cyber threats will be constrained.”
It said that of the 19 agencies involved with the recommendations, 16 agreed and the others neither agreed nor disagreed.
Senate Eyes Vote to Pay Federal Employees Working Unpaid
Series of Bills Offered to Address Shutdown’s Impact on Employees
Public Starting to Feel Impact of Shutdown, Survey Shows
OPM Details Coverage Changes, Plan Dropouts for FEHB/PSHB in 2026
Does My FEHB/PSHB Plan Stack Up? Here’s How to Tell
2025 TSP Rollercoaster and the G Fund Merry-go-Round
See also,
TSP Takes Step toward Upcoming In-Plan Roth Conversions
5 Steps to Protect Your Federal Job During the Shutdown
Over 30K TSP Accounts Have Crossed the Million Mark in 2025
