The United States Government Accountability Office (GAO) says in a new report that it found 23 federal agencies lack proper cybersecurity measures to address oncoming challenges for the 2020 Presidential Election.

Although the 23 federal agencies GAO reviewed almost always designated a risk executive, they often did not fully incorporate other key practices in their programs: 

  • Twenty-two agencies established the role of cybersecurity risk executive to provide agency-wide management and oversight of risk management.
  • Sixteen agencies have not fully established a cybersecurity risk management strategy to delineate the boundaries for risk-based decisions.
  • Seventeen agencies have not fully established agency- and system-level policies for assessing, responding to, and monitoring risk.
  • Eleven agencies have not fully established a process for assessing agency-wide cybersecurity risks based on an aggregation of system-level risks.
  • Thirteen agencies have not fully established a process for coordinating between their cybersecurity and enterprise risk management (ERM) programs for managing all major risks.

Additionally, agencies face challenges with:

  • Hiring and retaining key cybersecurity management personnel
  • Managing competing priorities between operations and cybersecurity
  • Establishing and implementing consistent policies and procedures
  • Establishing and implementing standardized technology capabilities
  • Receiving quality risk data
  • Using federal cybersecurity risk management guidance
  • Developing an agency-wide risk management strategy
  • Incorporating cyber risks into enterprise risk management 
