68.5 F
Washington D.C.
Thursday, June 8, 2023

GAO: Agencies Need Additional Assessment of NIST Cybersecurity Framework Adoption

A GAO report has found that additional actions are needed to establish cybersecurity framework adoption across agencies.

GAO found that most of the 16 critical infrastructure sectors took action to facilitate adoption of the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity by entities within their sectors. Federal policy dictates that nine sector-specific agencies, in conjunction with DHS, should review the cybersecurity framework.

DHS found four challenges to cybersecurity framework adoption, which include not being able to commit necessary resources, a lack of knowledge and skills, regulatory requirements and other priorities taking precedence.

All sectors should also measure the effectiveness of risk management goals by identifying high-level outcomes and progress made toward national priorities, including securing critical infrastructure against cyber threats, but GAO found that none of the coordinating councils reported having qualitative or quantitative measures of framework adoption.

GAO concluded that SSAs will be limited in their understanding of the success of cybersecurity measures, or where to focus resources, until they understand how entities within critical infrastructure sectors are using the framework. It recommends that all nine SSAs, which includes the Department of Defense, the GSA and DHS, should consult with sector partners to determine the level of framework adoption within their agencies.

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles