Government Accountability Office says many agencies still haven't met guidelines
Many government agencies have failed to meet the guidelines for protecting personal information that were established two years ago after the breach at the Department of Veterans Affairs.
According to a report issued by the Government Accountability Office (GAO) today, a number of agencies fell short on recommendations for securing databases, remote access, and mobile devices. All of the agencies received a downgrade in their scores for e-government progress on the President's Management Agenda Scorecard
Of the 24 major agencies audited in the report, only 11 had established policies for logging data extracted from agency databases and for erasing the data within 90 days of extraction. Only 15 agencies had established a "time out" function for remote and mobile devices that requires user re-authentication after 30 minutes of inactivity.
And despite the huge flap following the exposure of veterans' data after a laptop theft at the VA, two agencies still have not developed policies that require encryption of data on mobile computers and devices, the GAO said.
The report also includes details of more than 25 security breaches that occurred between 2004 and 2007, three of which exposed personal data of more than 100,000 individuals. These capsules are only examples of the breaches that have occurred, according to the report -- the actual number of breaches is larger.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:
2008About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024