OMB said in the risk report that federal agencies should increase their cyber threat awareness through the implementation of the Cyber Threat Framework as well as enhance asset management by standardizing information technology and cyber capabilities.
The two other core actions call for the consolidation of security operations centers to facilitate incident detection and response operations and efforts to promote accountability through risk assessments and governance processes, according to the Federal Cybersecurity Risk Determination Report and Plan.
OMB teamed up with the Department of Homeland Security to evaluate the risk management performance of 96 agencies across 76 metrics and found that 74 percent of them have cyber programs that are classified as âhigh riskâ or âat risk.â
OMB and DHS also found that agencies lack the capability to assess how threat actors gain access to their data and information systems.
OMB issued the risk report in compliance with President Donald Trumpâs executive order on cybersecurity.