GAO: DHS and selected agencies need to address cybersecurity shortcomings
The US Government Accountability Office (GAO) reviewed how 3 agencies—the Federal Aviation Administration, Indian Health Service, and the Small Business Administration—used cybersecurity tools that identify the hardware and software on their networks and check for vulnerabilities and insecure configurations.
As depicted in the figure, the program relies on automated tools to identify hardware and software residing on agency networks. This information is aggregated and compared to expected outcomes, such as whether actual device configuration settings meet federal benchmarks. The information is then displayed on an agency dashboard and federal dashboard.