The US Government Accountability Office (GAO) released a report last Thursday highlighting federal agencies’ failure to implement cybersecurity recommendations. The GAO found that 60% of the cybersecurity recommendations made by the office since 2010 have not been implemented. The GAO stated that the failure to follow the recommendations results in limited abilities to protect private and sensitive data. Out of the 335 public recommendations made int he past decade, roughly 190 have gone unimplemented.
The GAO stated that some advisories, such as the 2018 National Cyber Strategy, were partially addressed and appropriate action taken, but not all of them. The GAO states that the strategies are designed to help protect federal agencies against cyberattacks, supply chain risks, and other threats facing the federal government. Additionally, the GAO reviewed 23 civilian agencies, finding that none of those reviewed had fully implemented any of the seven foundational practices for supply chain risk mitigation.
Read More: Most Federal Agencies Ignored GAO’s Cybersecurity Recommendations