Wednesday, October 17, 2018
  • Apple, Microsoft, and Google Drop Support for TLS 1.0 and TLS 1.1
  • GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach
  • Making Sense of the Senseless AI in Cybersecurity
  • People: The Critical Element in DevSecOps
  • Avast scores high in malware protection | Avast

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » Federal Agencies Fell Short in Assessments of Cybersecurity Employees, Finds Report

Federal Agencies Fell Short in Assessments of Cybersecurity Employees, Finds Report

by David Bisson on June 25, 2018

The skills gap poses a persistent challenge to organizations. Enterprises need a qualified workforce if they are to adequately defend against digital threats. This is true for every industry and is especially so for the public sector.

Acknowledging that fact, Congress enacted the Federal Cybersecurity Workforce Assessment Act (Act) in 2015. This piece of legislation requires the Office of Personnel Management (OPM) to develop a coding structure under the National Initiative for Cybersecurity Education (NICE) for cybersecurity positions and create procedures that facilitate the coding structure’s implementation for civilian cybersecurity positions. It also stipulates that 24 agencies covered by the Chief Financial Officers (CFO) Act must submit baseline assessments of their workforces and establish processes to apply OPM’s coding structure to their workforces.

Most of the CFO Act agencies submitted baseline assessments. In an effort to examine the OPM’s coding procedures and understand the progress of the Act’s implementation, the U.S. Government Accountability Office (GAO) reviewed the baseline assessments and coding procedures from the reporting agencies. It also interviewed personnel at both the OPM and the CFO Act agencies and published its findings in a report to congressional committees.

What it learned was less than encouraging.

Of the 24 CFO Act agencies that were required to submit baseline assessments, 21 of them complied with the Act and sent their analyses to Congress. Three agencies—the Department of Homeland Security, the U.S. Department of Housing and Urban Development and the Small Business Administration—did not submit assessments due to a lack of tools and resources, among other reasons. Even then, four of the agency assessments didn’t contain all relevant information, namely, they didn’t discuss the level of preparedness of employees without certifications to take certification exams. Additionally, one agency failed to discuss in its assessment how it planned to mitigate certification (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/government/federal-agencies-fell-short-in-assessments-of-cybersecurity-employees-finds-report/

June 25, 2018June 25, 2018 David Bisson certifications, Cybersecurity, Featured Articles, Federal, government
  • ← Making Continuous HIPAA Compliance Easy with ExpertOps
  • Cybersecurity Tips for Conveyancers and Solicitors using PEXA →
Featured Blog

Secure Code Warrior

Why financial institutions are leading the charge to upskill their developers in secure coding

Secure Code Warrior

Why SQL Injections Are The Cockroaches of the AppSec World (and how CISOs can eradicate them once and for all)

Secure Code Warrior

A Brighter Future For DevSecOps? It’s Closer Than You Think

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Five Eyes Cybersecurity Agencies Release Report on Hacking Tools
Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya
5 Tips to Ensure a Secure Cloud Migration
ACT Quickly to Ensure Data Security
Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say
Supply Chain Security 101: An Expert’s View
Millions of Rewarding Jobs: Educating for a Career in Cyber Security
Artificial Intelligence and Machine Learning: The Most Effective Weapons Against Ransomware
How to check if your Facebook account was hacked and what the hackers have on you
Threat Announcement: Phishing Sites Detected on Emoji Domains

Upcoming Webinars

Thu 18

Building Blocks of Secure Development: How to Make Open Source Work for You

October 18 @ 11:00 am - 12:00 pm
Mon 29

Seeing Red: Understanding Red Team Security

October 29 @ 1:00 pm - 2:00 pm
Wed 31

Beyond S3 Buckets – Effective Countermeasures for Emerging Cloud Threats

October 31 @ 11:00 am - 12:00 pm
Nov 07

Operationalizing Data For Fraud Investigations

November 7 @ 1:00 pm - 2:00 pm
Nov 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm
Dec 13

Year-End Review/Predictions

December 13 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Main Pillars of The DevOps Toolchain

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Making Sense of the Senseless AI in Cybersecurity
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) 

Making Sense of the Senseless AI in Cybersecurity

October 17, 2018 Dustin Hillard | 4 hours ago 0
ACT Quickly to Ensure Data Security
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

ACT Quickly to Ensure Data Security

October 16, 2018 Arshad Noor | Yesterday 0
5 Tips to Ensure a Secure Cloud Migration
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

5 Tips to Ensure a Secure Cloud Migration

October 15, 2018 Gilad David Maayan | 2 days ago 0

Top Stories

Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say
Endpoint Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say

October 16, 2018 Lucian Constantin | Yesterday 0
Five Eyes Cybersecurity Agencies Release Report on Hacking Tools
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

Five Eyes Cybersecurity Agencies Release Report on Hacking Tools

October 15, 2018 Lucian Constantin | 1 day ago 0
Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya

October 12, 2018 Lucian Constantin | 4 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.