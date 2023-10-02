The U.S. Department of State must fully implement its cybersecurity risk program and take additional steps to better protect its IT network and systems, a report by the General Accounting Office (GAO) warns. The State Department has completed the authorization process for only 44% of its nearly 500 information systems, and has yet to implement a department-wide continuous monitoring system.

The report tallied 15 recommendations for executive action that remain outstanding. First among them is the recommendation that the State Department instruct the CIO to develop and maintain a department-wide risk profile prioritizing the department’s most significant risks. An improvement of the overall IT infrastructure security is essential, including replacing outdated hardware and software installations, some of which have been in use for more than 13 years.

