The Government Accountability Office investigated the Departments of the Treasury, Agriculture, Homeland Security, and Labor, and found that they did not fully implement all of their key cloud security practices.
In a report published Thursday, GAO said that the gaps in implementation could increase their susceptibility to cyberattacks.
DHS fully executed three out of six key measures across all its systems, including defining security responsibilities and documenting incident response and recovery procedures. However, the agency only partially executed two of the practices, and was not at all performing continuous monitoring.
The Labor Department also practiced three key measures across the board, but GAO noted the absence of efforts to meet FedRAMP requirements in all of its cloud systems.
The Agriculture Department only had two cloud security practices fully implemented, while the Treasury Department only partially practiced all the security procedures across its cloud services.
The government watchdog recommended 35 plans of action, including consistent monitoring of software-as-a-service applications and alignment of performance metrics with the agencies’ service level agreements with cloud providers.