The Government Accountability Office is urging pb agencies to measurement the effectiveness of cybersecurity programs they established to support Internet of Things and operational exertion usage successful captious infrastructure sectors.
In a report released Thursday, GAO reviewed cybersecurity initiatives launched by the Departments of Energy, Health and Human Services, Transportation and Homeland Security, which govern the electricity, proscription and wellness attraction industries.
IoT and OT devices are wide utilized to present services successful captious infrastructure. To guarantee information privateness and safety, agencies including the DOE, HHS, DOT and DHS launched IT extortion programs based connected guidelines from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology. They are required by the Internet of Things Cybersecurity Improvement Act of 2020, which bans the acquisition and usage of IoT products that are not compliant with NIST standards.
GAO recovered that the agencies did not person metrics to measure their initiatives’ effectiveness. The authorities watchdog besides learned that the Office of Management and Budget does not person a standardized process for waiving the prohibition connected non-compliant devices who conscionable definite criteria nether the Act.
The reviewed agencies said they person noted GAO’s recommendations and volition coordinate to formulate an enactment plan. OMB explained that it intended to merchandise the waiver guidance successful November.