GAO report says additional actions are ‘essential’ for assessing NIST framework adoption

Sector-specific agencies lack the data to comprehensively understand adoption of the federal framework of cybersecurity standards by entities within their covered critical infrastructure sectors, according to a new Government Accountability Office report, which says SSAs lack the metrics to adequately determine use of the framework.

“Until SAAs have a more comprehensive understanding of the use of the cybersecurity framework by entities within the critical infrastructure sectors, they will be limited in their ability to understand the success of protection efforts...