The Government Accountability Office (GAO) said in a report released August 3 that Federal agencies still need to take action on about one-fifth of the cybersecurity recommendations that GAO has issued over the past ten years, and warned of increasing security risks until agencies address them.
Those figures were contained in a report submitted as testimony from Carol Harris, GAO’s Director of Information Technology Management Issues, when she appeared as a witness at the House Government Operations Subcommittee’s hearing to discuss the tenth version of the FITARA Scorecard issued by the House Oversight and Reform Committee.
The best way to make sense of the multicolored scorecard – which grades major Federal agency performance across a variety of IT modernization and related policy categories – is to view the FITARA Dashboard.
GAO said it made about 3,400 recommendations to Federal agencies aimed at addressing cybersecurity challenges since Fiscal Year 2010. Since then, agencies have implemented 79 percent of those, leaving roughly 700 of the recommendations still waiting to be implemented.
“Many agencies continue to be challenged in safeguarding their information systems and information, in part, because many of these recommendations have not been implemented,” GAO said. “Until the remaining recommendations are addressed, agencies’ information and IT systems will be increasingly susceptible to the existing multitude of cyber-related threats,” the government watchdog agency said.
By comparison, GAO said it issued 1,376 IT management-related recommendations to Federal agencies since FY2010, and that since then 64 percent had been implemented.