Tuesday, June 17, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Governance, Risk & Compliance Security Bloggers Network 

Home » Cybersecurity » Governance, Risk & Compliance » Federal Agencies’ Digital Security Programs Need Work, Risk Assessments Reveal

SBN

Federal Agencies’ Digital Security Programs Need Work, Risk Assessments Reveal

by David Bisson on June 11, 2018

On 11 May 2017, President Trump issued the Executive Order, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This directive, among other things, identified agency heads as those who are ultimately responsible for managing cybersecurity risk within executive departments.

In service of that purpose, the White House specified in its order that federal agency heads must use the NIST’s Cybersecurity Framework to manage their agency’s digital security risk. It also required agency heads to submit a risk management report to the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) within 90 days of the Executive Order’s date of issuance.

Techstrong Gang Youtube
AWS Hub

OMB and DHS received risk management assessments from 96 civilian agencies. Together, the two government bodies evaluated the reports across 76 metrics to measure the agencies’ preparedness for identifying, detecting, responding to and recovering from digital security incidents. They then presented their findings in their joint Federal Cybersecurity Risk Determination Report and Action Plan to the President of the United States (Risk Report), which they published on 30 May 2018.

Overall, OMB and DHS found that federal agencies’ digital security programs need work. Of the 96 agencies that submitted reports, just 25 of them were adequately managing risk across the enterprise. The remaining 71 agencies (or 74 percent of participants) had digital security programs that were either at risk or at high risk, meaning they were ill-equipped to investigate how threat actors could access their information and to make wise digital security investments.

The Risk Report tied this evaluation to four main findings. These were as follows:

Finding One: Limited Situational Awareness

First and foremost, OMB and DHS observed in their review that agencies possess limited situational awareness of the threats in their environments. They found that those charged with defending agency networks don’t have (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/government/federal-agencies-digital-security-programs-need-work-risk-assessments-reveal/

June 11, 2018June 11, 2018 David Bisson Compliance, Featured Articles, Federal, government, risk
  • ← Women in Information Security: Avi
  • Banks Highly Vulnerable to Inside Attacks →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Meta AI is a ‘Privacy Disaster’ — OK Boomer
Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
File Data: The Hidden Ransomware Threat Costing Enterprises Millions
Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management
LLM vector and embedding risks and how to defend against them
DNS Rebind Protection Revisited
News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale
Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them
Guardrails Breached: The New Reality of GenAI-Driven Attacks

Industry Spotlight

Washington Post Journalists’ Microsoft Email Accounts Hacked
Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Washington Post Journalists’ Microsoft Email Accounts Hacked

June 16, 2025 Jeffrey Burt | Yesterday 0
Meta AI is a ‘Privacy Disaster’ — OK Boomer
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches 

Meta AI is a ‘Privacy Disaster’ — OK Boomer

June 13, 2025 Richi Jennings | 3 days ago 0
Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
Analytics & Intelligence Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?

June 10, 2025 Richi Jennings | Jun 10 0

Top Stories

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

June 13, 2025 Jeffrey Burt | 3 days ago 0
BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says
Application Security Cloud Security Cybersecurity Data Security Featured IoT & ICS Security Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

BADBOX 2.0 Botnet Infects Million-Plus Devices, FBI Says

June 9, 2025 Jeffrey Burt | Jun 09 0
Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI
Cloud Security Cyberlaw Cybersecurity Data Security DevOps Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Trump EO Takes Aim at Biden, Obama Provisions for Identity, Sanctions, AI

June 9, 2025 Jeffrey Burt | Jun 09 0

Security Humor

Randall Munroe’s XKCD ‘Alert Sound’

Randall Munroe’s XKCD ‘Alert Sound’

Download Free eBook

Managing the AppSec Toolstack

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×