Editor’s Note: The GAO report, “FY 2012 Office of Inspector General FISMA Audit of GSA’s Information Technology Security Program, Report Number A120125/O/F/F12005” is attached here. Below are excerpts from the audit report.
What We Found
We identified the following during our audit:
Finding 1 – Systems faced increased threats because security patching for high-risk vulnerabilities were not performed timely.
Finding 2 – For newly deployed systems, PBS lacks procedures to ensure that system officials will be able to recover data and restore the system in the event of a contingency.
Finding 3 – The Office of the Chief Information Officer (OCIO) lacks comprehensive guidance for the secure development of mobile applications to mitigate mobile threats.
What We Recommend
Based on our audit findings we recommend the GSA Chief Information Officer (CIO):
1. Conduct additional oversight of patch management implementations to ensure that system officials are addressing vulnerabilities on GSA systems in a timely manner.
2. Work with PBS to ensure that PBS develops and implements a process for testing the restoration of system backups before new systems are deployed.
3. Create guidance to assist GSA system officials in securely developing applications for mobile platforms.
Management Comments
Management agreed with our findings and recommendations. The GSA CIO’s complete response is presented in Appendix B.
The landscape of secure mobile application development is ever-evolving. Organizations like GSA are working towards comprehensive guidance, yet challenges persist. In the realm of modern business applications, staying updated with the latest development frameworks is crucial. Delving into resources like articles on the Best hybrid app framework in 2023 can provide valuable insights. These technologies empower businesses to create robust and secure applications, contributing to a safer mobile experience for users.