GAO finds that federal agencies need to improve their cybersecurity

A new GAO (Government Accountability Office) report has found that most federal agencies are prone to cyber attacks.

According to GAO, the agencies have not effectively implemented the federal government’s approach and strategy for securing information systems, which is grounded in the provisions of FISMA (Federal Information Security Modernization Act of 2014) and Executive Order 13800. FISMA requires agencies to create, record, and implement an agency-wide security program to protect their systems. The Executive Order directs agencies to use the NIST CSF (National Institute of Standards and Technology’s Cybersecurity Framework) for managing cybersecurity risks.

GAO findings

  • Inspectors general, evaluating the maturity of information security programs against NIST’s core security functions, found that 17 of the 23 agencies did not effectively implement the security strategy
  • They also found that 17 of the 23 agencies had material weaknesses and/or significant deficiencies in their internal controls over financial reporting
  • 17 of the 23 CIOs (chief information officers) said that their agency did not meet all elements of the government’s cybersecurity cross-agency priority goal
  • On the sufficiency and appropriateness of federal agencies’ processes for managing cybersecurity risk, 10 agencies were found to be at risk

NIST and ISO 27001

All organizations, whether public or private, must take the appropriate cybersecurity steps to protect their customers, finances, personnel, and reputation.

The NIST CSF is a voluntary framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices. The CSF can work in conjunction with ISO 27001, the international standard for information security management, helping you comply with the NIST SP 800-171A requirements mandated by the DFARS cybersecurity rules.

Download our free green paper to learn about the NIST CSF and ISO 27001, and how to get started with compliance.

Learn how to plan, implement, and maintain an ISO 27001-compliant ISMS (information security management system) and achieve ISO 27001 certification with IT Governance’s ISO 27001 Foundation and Lead Implementer training courses.

Enroll by January 31, 2019 to take advantage of our holiday sale.

  • Spend more than $500 to get $50 off
  • Spend more than $1,000 to get $100 off
  • Spend more than $2,000 to get $200 off
  • Spend more than $5,000 to get $500 off

Offer applies automatically at checkout.
