Federal agencies’ implementation of the Federal Information Security Modernization Act “continued to be mostly ineffective” in 2021-2022, GAO has said, with 18 of 23 Cabinet departments and major independent agencies rated as “not effective” in the former year and 15 in the latter.
That 2014 law requires federal agencies to strengthen information security programs, but in a review of agency data and inspector general reports, the GAO found common problems including “management accountability issues and gaps in standards and quality control.”
The report said that while OMB and other entities provide metrics to evaluate FISMA implementation, agencies and IGs say that some of those metrics “are not useful because they do not always accurately evaluate information security programs. Agencies and IGs reported that metrics should be clearly tied to performance goals, account for workforce issues and agency size, and incorporate risk.”
Best practices that agency officials identified to GAO as being effective in implementing FISMA included internal communication, leadership commitment and centralized policies and procedures.
OMB did not take a position on GAO recommendations that it set metrics that address the key causes of ineffective programs.