US Federal Agencies Flunk the Security Standards Exam
Almost all key US federal civilian agencies are well below the security standards they are required to meet, says the Government Accountability Office (GAO). In a recent report quoted by Dark Reading, the GAO found that of the 24 agencies it reviewed, almost all had major flaws in security controls and management, which puts them in harm’s way and leaves them open to cyberattacks that could compromise them. The GAO also stated that it has kept making recommendations to the reviewed agencies, many of which have been overlooked.
During the past three years, the number of incidents reported by federal agencies to U.S.-CERT has increased by almost 200 percent — from 5,503 in 2006 to 16,843 in 2008, according to the report. More than one-third of the incidents are still under investigation, and the sources of the compromises are not yet known.
Of the incidents in which the sources are known, approximately 22 percent were caused by improper use of computers by authorized users, the report states. Eighteen percent of the compromises were caused by unauthorized access, and 14 percent were caused by malicious code. About 12 percent of the breaches were caused by scans, probes, or attempted access by external attackers, the report says.
The new data reported by the GAO is downright scary, especially since only 4 agencies got the “no significant weakness” stamp after the review. The remaining 20 agencies reported either “material weaknesses” (7) or, even worse, “significant deficiencies” (13).
July 30th, 2009 at 10:33 pm