The Government Accountability Office (GAO) on April 17 provided updates on specific recommendations regarding cybersecurity and IT acquisition for the General Services Administration (GSA) and Office of Management and Budget (OMB), respectively.
GAO recommended that GSA cooperate with the Department of Homeland Security in consulting sector partners – like the Government Coordinating Council (GCC) and the National Institute of Standards and Technology – to develop a stronger understanding of the cybersecurity framework used by government entities and determine the optimal method for adopting that framework accurately.
The recommendation is being monitored by GAO, but GSA has begun working on it. In April 2018, GSA stated that it planned to recommend additional language to a sector-specific survey to GCC to determine the level and type of cybersecurity framework adoption.
Meanwhile, GAO recommended to OMB that it work on enhancing oversight of high-priority program outcomes to improve the management of IT acquisitions and operations, with direct Federal CIO involvement. OMB told GAO that the Federal CIO does not typically oversee individual IT programs because of the sheer quantity of programs. However, GAO cited precedent showing that oversight of troubled programs yields positive results.