
Federal agencies’ implementation of the Federal Information Security Modernization Act “continued to be mostly ineffective” in 2021-2022, GAO has said, with 18 of 23 Cabinet departments and major independent agencies rated as “not effective” in the former year and 15 in the latter.
That 2014 law requires federal agencies to strengthen their information security programs, but in a review of agency data and inspector general reports, GAO found common problems including “management accountability issues and gaps in standards and quality control.”
The report said that while OMB and other entities provide metrics to evaluate FISMA implementation, agencies and IGs say that some of those metrics “are not useful because they do not always accurately evaluate information security programs. Agencies and IGs reported that metrics should be clearly tied to performance goals, account for workforce issues and agency size, and incorporate risk.”
Best practices that agency officials identified to GAO as being effective in implementing FISMA included internal communication, leadership commitment and centralized policies and procedures.
OMB did not take a position on GAO recommendations that it set metrics that address the key causes of ineffective programs.