New GAO Report of Interest on DoD Cybersecurity
The Government Accountability Office (GAO) yesterday issued a new report of interest to the defense acquisition workforce entitled “GAO-22-105259 Defense Cybersecurity: Protecting Controlled Unclassified Information Systems”.
According to the GAO, “many of DOD's computer systems contain sensitive information that is unclassified but must be protected from public disclosure—known as Controlled Unclassified Information (CUI). CUI can be vulnerable to cyber attacks. We analyzed DOD's data and found that while the DOD components have taken actions to implement cybersecurity requirements for CUI systems, none of the components were fully compliant. DOD requires 100% compliance. DOD's Office of the Chief Information Officer recently issued guidance to the services reiterating the importance of implementing CUI requirements. Cybersecurity has been on our High Risk list since 1997.”
According to the GAO, “many of DOD's computer systems contain sensitive information that is unclassified but must be protected from public disclosure—known as Controlled Unclassified Information (CUI). CUI can be vulnerable to cyber attacks. We analyzed DOD's data and found that while the DOD components have taken actions to implement cybersecurity requirements for CUI systems, none of the components were fully compliant. DOD requires 100% compliance. DOD's Office of the Chief Information Officer recently issued guidance to the services reiterating the importance of implementing CUI requirements. Cybersecurity has been on our High Risk list since 1997.”