The report identified commercially available technology, reviewed laws and policies on sensitive information, and examined 24 federal agencies. The report recommends that Office of Management and Budget (OMB) policies be clarified and that selected agencies strengthen their efforts.
The GAO found that the extent to which 24 major federal agencies reported that they have implemented encryption and developed plans to implement encryption of sensitive information varied across agencies.
From July through September 2007, the major agencies collectively reported that they had not yet installed encryption technology to protect sensitive information on about 70 percent of their laptop computers and handheld devices. Additionally, agencies reported uncertainty regarding the applicability of OMB’s encryption requirements for mobile devices, specifically portable media.
Congressman Thompson released the following statement with the release of the report:
Congresswoman Lofgren added the following statement:Encryption is not an option, it is a mandate. Unfortunately, I’m not surprised that despite mandates by OMB, the Federal government is only 30% of the way there,” said Thompson. “This Administration regularly falls short when it comes to addressing our information security weaknesses. Making the right investments in cybersecurity today will keep us from paying dearly in the long run.
The GAO report clearly illustrates that federal agencies lag far behind the private sector in protecting and encrypting data,” noted Rep. Zoe Lofgren (D-CA). “As one of Silicon Valley’s elected representatives, I’m concerned that our government is not moving fast enough in its efforts to secure its systems and procedures. While we’ve seen some improvement, the executive branch still has quite a way to go to secure its systems and data.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.