Image

Information Security

Open Recommendations

Internet of Things: Federal Actions Needed to Address Legislative Requirements

Show

11 Open Recommendations

Agency Affected	Recommendation	Status
Office of Management and Budget	The Director of OMB should verify agency-reported IoT cybersecurity waivers. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Education	The Secretary of Education should direct the CIO to complete the covered IoT inventory within the revised time frame it has proposed. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Health and Human Services	The Secretary of HHS should direct the CIO to complete the covered IoT inventory within the revised time frame it has proposed. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Labor	The Secretary of Labor should direct the CIO to establish a plan and time frame for completing the covered IoT inventory, as directed by OMB. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Department of Veterans Affairs	The Secretary of Veterans Affairs should direct the CIO to establish a plan and time frame for completing the covered IoT inventory, as directed by OMB. (Recommendation 5)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency	The Administrator of the Environmental Protection Agency should direct the CIO to complete the covered IoT inventory within the revised time frame it has proposed. (Recommendation 6)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Future of Cybersecurity: Leadership Needed to Fully Define Quantum Threat Mitigation Strategy

Show

1 Open Recommendations

Agency Affected	Recommendation	Status
Office of the National Cyber Director	The National Cyber Director should (1) lead the coordination of the national quantum computing cybersecurity strategy and (2) ensure that the strategy's various documents address all the desirable characteristics of a national strategy. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Critical Infrastructure Protection: EPA Urgently Needs a Strategy to Address Cybersecurity Risks to Water and Wastewater Systems

Show

4 Open Recommendations

Agency Affected	Recommendation	Status
Environmental Protection Agency	The Administrator of EPA should, as required by law, conduct a water sector risk assessment, considering physical security and cybersecurity threats, vulnerabilities, and consequences. (Recommendation 1)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency	The Administrator of EPA should develop and implement a risk-informed cybersecurity strategy, in coordination with other federal and sector stakeholders, to guide its water sector cybersecurity programs. Such a strategy should include information from a risk assessment and should identify objectives, activities, and performance measures; roles, responsibilities, and coordination; and needed resources and investments. (Recommendation 2)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency	The Administrator of EPA should evaluate its existing legal authorities for carrying out EPA's cybersecurity responsibilities and seek any needed enhancements to such authorities from the administration and Congress. (Recommendation 3)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Environmental Protection Agency	The Administrator of EPA should submit the Vulnerability Self-Assessment Tool (VSAT) for independent peer review and revise the tool as appropriate. (Recommendation 4)	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Systems Annual Assessment: DOD Needs to Strengthen Software Metrics and Address Continued Cybersecurity and Reporting Gaps

Show

1 Open Recommendations

Agency Affected	Recommendation	Status
Department of Defense	We are making one recommendation to the Department of Defense that the Secretary direct the Chief Information Officer and Under Secretary of Defense for Acquisition and Sustainment to ensure that IT business programs developing software use the metrics and management tools required by DOD and consistent with those identified in GAO's Agile Assessment Guide.	Open When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

View More Recommendations

GAO Contacts

Vijay A. D'Souza

Director

Information Technology and Cybersecurity

dsouzav@gao.gov

Nick Marinos

Managing Director

Information Technology and Cybersecurity

MarinosN@gao.gov

William Russell

Director

Contracting and National Security Acquisitions

russellw@gao.gov

Jennifer Franks

Director

Information Technology and Cybersecurity

franksj@gao.gov

David (Dave) Hinchman

Director

Information Technology and Cybersecurity

HinchmanD@gao.gov

Marisol Cruz Cain

Director

Information Technology and Cybersecurity

cruzcainm@gao.gov