In a Federal Information Security Modernization Act of 2014 report filed with Congress last week, the White House says the number of cybersecurity incidents recorded at US federal agencies in 2019 went down by 8 percent.

Cybersecurity threats facing the Federal Government and the US reinforce the need for strengthening the digital defense of the country's information technology (IT) environment, notes the report, and America's infrastructure, both public and private, continues to be a top target of malicious cyber actors intent on disrupting the geopolitical and socioeconomic stability and prosperity of the United States. This persistent threat is a constant reminder that effective cybersecurity is required by all organizations - public and private - to identify, prioritize, and manage cyber risks across their enterprise, says the report. 

Agencies reported 28,581 cybersecurity incidents in FY 2019, an 8 percent decrease over the 31,107 incidents that agencies reported in FY 2018. The decline in incidents is correlated with the continued maturation of agencies' information security programs. In FY 2019, a total of 72 agencies received an overall rating of "Managing Risk" in the annual cybersecurity Risk FISMA FY 2019 Annual Report to Congress s Management Assessment (RMA) process, up from 33 agencies in FY 2017 and 62 agencies in FY 2018. However, this decline in incidents reported in no way indicates a reduction in the cybersecurity threat posed to the Federal Government. 

This report highlights that Fiscal Year (FY) 2019 has "begun to show the cybersecurity improvements due to the decisive actions the Administration has taken to address high risk areas for the Federal Government," says the report. Updated policies around High Value Assets (HVAs), Trusted Internet Connections (TIC), and Identity Credential and Access Management (ICAM) have been coupled with Department of Homeland Security (DHS) programs and directives to empower agencies to mitigate risks across the Federal Government.

The agency notes that further efforts are underway to further enhance cybersecurity in the areas of supply chain risk, Security Operations Center (SOC) maturation, and third party privacy risk. As progress continues, the executive and legislative branch must continue its collaboration to confirm there is sustained momentum for addressing these critical capability gaps, claims the agency. 

For the full report, visit