The Government Accountability Office has found that civilian agencies’ implementation of the Federal Information Security Modernization Act of 2014, or FISMA, was mostly ineffective due to various challenges, including gaps in standards, quality control and management accountability.
In a new report, GAO recommends that the Office of Management and Budget collaborate with agency partners to enhance FISMA metrics to address risks, performance goals, workforce issues and agency size.
Inspectors general of 15 of the 23 civilian agencies reported that their agencies did not have effective information security programs in fiscal year 2022, according to GAO’s analysis.
Only eight agencies saw improvements in the effectiveness of their information security programs during the same year, with officials attributing the success to internal communication, leadership commitment and centralized policies and procedures.