Despite a NASA initiative to move to continuous monitoring of its IT systems, perceived as a better approach to information security, the space agency fails a FISMA audit and agrees to take remedial steps by next year.
"The harmonization effort has the potential to reduce duplication of effort and allow more effective implementation of information security controls across interconnected systems," says GAO's Gregory Wilshusen.
"We raised the profile of the issue," says Jim Lewis, director and senior fellow at the Center for Strategic and International Studies. "Now, nobody won't say cybersecurity isn't a problem, and that's a positive thing."
Sensitive information maintained by three federal departments - Defense, Homeland Security and Health and Human Services - isn't fully safeguarded from the inquisitive eyes of government contractors, putting the data at risk of unauthorized disclosure or misuse.
"There is a risk that owners of critical infrastructure will not have the information necessary to thwart cyber attacks that could have catastrophic effects on our nation's cyber-reliant critical infrastructure," GAO's David Powner says.
By upgrading the Social Security card to a smart card-based identity credential, the U.S. federal government could address the immigration issue and provide a straightforward way to verify employment eligibility.
"Without top-level leadership, the federal government has not forged a coherent and comprehensive strategy for cyberspace security and governance policy," GAO's David Powner says in a letter to lawmakers.
"Our efforts to gain access to information are hampered because the Bureau of Consular Affairs is not considered a law enforcement entity for information sharing purposes," Deputy Assistant Secretary of State Brenda Sprague says.