In a new report on wireless network security, GAO noted that agencies “have taken steps to secure their wireless networks, but more can be done to improve security and to limit vulnerability to attack.”
GAO also noted that,
In a July 2010 memo, OMB directed the Department of Homeland Security (DHS) to exercise primary responsibility within the executive branch for the operational aspects of federal agency cybersecurity with respect to the federal information systems that fall within FISMA.
According to the Director of Federal Network Security—the DHS official responsible for many of DHS’s newly assigned FISMA-related activities—DHS is beginning its oversight activities through the annual FISMA reporting process that federal agencies are required to follow. The official stated that the department does not currently have any wireless-security-specific activities under way, but that the department is planning future activities that may address wireless security, including compliance audits and an architecture document.
The Report further noted that in 2005, GAO “recommended that the Director of OMB instruct federal agencies to ensure that wireless network security is incorporated into their agencywide information security programs, in accordance with FISMA.”
The report also stated that in “response to our recommendations, OMB has instructed federal agencies to ensure network security is incorporated into their agencywide network security program through the use of NIST guidelines. In addition, OMB’s annual FISMA reporting requirements state that agencies must follow NIST standards and guidelines for non-national security programs and information systems.”
The complete GAO report is attached below.
Leave a Reply