The Government Accountability Office said agencies responsible for nine out of 16 U.S. critical infrastructure components have not determined their efforts to adopt the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity.
GAO said Wednesday it observed a lack of adoption determination at agencies in charge of chemical infrastructure; nuclear reactors, materials and waste; health care and public health; emergency services; financial services; dams; critical manufacturing; communications; and commercial facilities.
The accountability office recommends these agencies develop ways to measure and determine the framework adoption of their respective infrastructure sectors.
However, the government watchdog also acknowledged that agencies have determined cybersecurity adoption in the defense industrial base, government facilities and water systems.
Agencies in charge of energy, food agriculture, information technology and transportation systems have not yet achieved this determination but have already made progress towards it.