“A Government Accountability Office (GAO) report found that the Federal Aviation Administration (FAA), Indian Health Service, and Small Business Administration (SBA) are using security tools given to them by the Department of Homeland Security (DHS) as they’re intended: to identify hardware and software on their networks that may have vulnerabilities and insecure configurations. But GAO said the agencies have more to do manage their network in order to optimize the value of the tools.”
“The tools provided by DHS provide cybersecurity data to support the agency’s Continuous Diagnostics and Mitigation (CDM) program by collecting information which is then aggregated and compared to expected outcomes, for example, if device configuration settings meet Federal benchmarks. The data collected by the tools is collected, integrated, and displayed on individual agency dashboards, and a Federal dashboard managed by DHS.”
“GAO said the CDM program has improved network awareness at FAA, Indian Health Service, and SBA, but the government watchdog pointed out that none of the three agencies had effectively implemented all key CDM program requirements…” Read the full article here.
Source: GAO Pokes FAA, SBA, Indian Health on Fully Enabling CDM Tools – By Jordan Smith, August 19, 2020. MeriTalk.