
Information Technology and Cybersecurity: Evolving the Scorecard Remains Important for Monitoring Agencies’ Progress


What GAO Found

Since November 2015, the scorecards issued by this Subcommittee have served as effective oversight tools for monitoring agencies’ implementation of various statutory IT provisions and addressing other key IT issues. The selected provisions are from laws such as the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA) and the Federal Information Security Modernization Act of 2014. The scorecards have assigned each covered agency a letter grade (i.e., A, B, C, D, or F) based on components derived from statutory requirements and additional IT-related topics.

As of December 2022, fifteen scorecards had been released (see figure).

Scorecards Release Timeline with Associated Components

The Subcommittee-assigned grades have shown steady improvement as demonstrated by the removal (or sunset) of components. For example, during 2020 and 2021, all 24 agencies received A grades for software licensing and data center optimization, resulting in removal of these components.

Notwithstanding the improvements made by using the scorecard, the federal government’s difficulties acquiring, developing, managing, and securing its IT investments persist. Continued oversight by Congress to hold agencies accountable for implementing statutory provisions and addressing longstanding weaknesses is essential. Evolving the components of the scorecard to adapt to changes in the federal landscape also remains important.

Toward this end, GAO provided input to this Subcommittee regarding additional measures that could be added, including topics related to IT legacy system modernization and customer experience. GAO also provided input on ways to enhance the cybersecurity component.

Considering ways to evolve scorecard components is critical to increasing Congress’ ability to monitor agencies’ implementation of statutory IT provisions and address other key IT topics. Agency attention to implementing GAO recommendations can also be instrumental in delivering needed improvements.

Why GAO Did This Study

Federal IT systems provide essential services that are critical to the health, economy, and defense of the nation. For fiscal year 2023, the federal government plans to spend over $122 billion on IT investments.

However, many of these investments have suffered from ineffective management. Further, recent high-profile cyber incidents have demonstrated the urgency of addressing cybersecurity weaknesses.

GAO has long recognized the importance of addressing these difficulties by including the management of IT acquisitions and operations as well as the cybersecurity of the nation as areas on its high-risk list.

To improve the management of IT, Congress and the President enacted FITARA in December 2014. FITARA applies to the 24 agencies subject to the Chief Financial Officers Act of 1990, although with limited applicability to the Department of Defense.

GAO was asked to provide an overview of the scorecards released by this Subcommittee and the importance of evolving the components. For this testimony, GAO relied on its previously issued products.

Since 2010, GAO has made approximately 5,400 recommendations to improve IT management and cybersecurity. As of December 2022, federal agencies have fully implemented about 76 percent of these. However, many critical recommendations have not been implemented—nearly 300 on IT management and more than 700 on cybersecurity.

For more information, contact Carol C. Harris at (202) 512-4456 or harriscc@gao.gov or Jennifer R. Franks at (404) 679-1831 or franksj@gao.gov.
