April 10, 2020
GAO: Federal agencies fall short on use of NIST cyber framework to protect critical industries
The Government Accountability Office is recommending steps federal agencies should take to demonstrate use of the National Institute for Standards and Technology’s cybersecurity framework for protecting critical infrastructure sectors.
“GAO is making ten recommendations -- one to NIST on establishing time frames for completing selected programs -- and nine to the [sector-specific agencies] to collect and report on improvements gained from using the framework. Eight agencies agreed with the recommendations, while one neither agreed nor disagreed and one partially agreed....