Only three of 23 Cabinet departments and largest independent agencies met OMB requirements to achieve, by August, a certain level of capability for detecting, reporting, and responding to cybersecurity incidents, the GAO has said.
OMB in 2021 had required agencies to achieve within two years a “tier 3” level, meaning that logging requirements at all criticality levels are met. But GAO found that only three—Agriculture, NSF and SBA—had met that target while three others—GSA, SSA and USAID—were at the tier 1 (basic) level of compliance and the rest were at tier 0 (not effective).
Although the Defense Department is also one of the CFO Act agencies—which account for the vast majority of the federal workforce—it was not assessed because not all of the requirements apply there, GAO said.
Agencies not in compliance cited problems including lack of staff, technical challenges and limitations in cyber threat information sharing, GAO said. It said that efforts in all of those areas are underway, but it still made 20 recommendations, saying that “until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate, and remediate cyber threats will be constrained.”
It said that of the 19 agencies involved with the recommendations, 16 agreed and the others neither agreed nor disagreed.