Federal agencies made “notable” progress in cybersecurity during 2014 but much remains to be done, particularly in the area of authentication of users of computer systems, according to a report from OMB.
“Fiscal Year 2014, in particular, was a pivotal year for federal cybersecurity, marked by sophisticated threat activity and vulnerabilities,” it said. Federal agencies reported nearly 70,000 information security incidents last year, up 15 percent over 2013.
The status report on the Federal Information Security Management Act said there has been continued progress toward the cross agency priority goal on cybersecurity, which focuses on three areas: information security continuous monitoring, strong authentication, and “trusted internet connection consolidation and capabilities.
The report cited, for example, DHS implementation of vulnerability and threat prevention initiatives and agency procurement of over 1.7 million licenses for asset, configuration, and vulnerability management tools.
It said that while overall authentication implementation reached 72 percent, that figure was skewed by DoD’ssuccessful compliance. Apart from DoD, only 41 percent of civilian agencies met metrics for such protections, such as use of unique personal identity verification cards over less secure means of identification and authentication.
