Federal Cybersecurity After the OPM Data Breach: Have Agencies Learned their Lesson?

PURPOSE:

• To examine information security programs and management at the Department of Agriculture, the National Aeronautics and Space Administration (NASA), and the Social Security Administration.
• To examine these agencies’ compliance with the Federal Information Security Management Act (FISMA) and Federal Cybersecurity Enhancement Act.

BACKGROUND:

• In July, the Committee sent letters to the 24 federal agencies, the Executive Office of the President, the Office of the Director of National Intelligence, and the Central Intelligence Agency requesting the results of each penetration test and red team exercise conducted, a list of major incidents at the agencies, and any outstanding elements of the agencies’ FISMA report.
• In September, the Committee released a report detailing its investigation into the data breaches at the Office of Personnel Management.