US federal agencies have made progress in implementing mature incident response plans, but many are still steps away from fully achieving this goal, a new report from the Government Accountability Office shows.
According to GAO's report, out of 23 federal agencies, only three have implemented full investigation and remediation requirements.
As of August 2023, 17 of them were at the 'not effective' level, while three were meeting the basic level.
The event logging requirements, GAO explains, ensure that federal agencies can track cybersecurity incidents and that they can appropriately retain and manage the tracking logs.
GAO's investigation into the 23 federal agencies' incident investigation and remediation preparedness shows that they rely on endpoint detection and similar software, on services provided by the US cybersecurity agency CISA and third parties, and on internal resources, and that they have taken steps to standardize their incident response plans.
As of August 2023, all agencies have incorporated or are incorporating CISA's playbook for vulnerability and incident response for agency information systems, and all have started deploying software tools for incident response, but only three have reached event logging maturity, in line with the Office of Management and Budget's M-21-31 memorandum.
The federal agencies were supposed to reach the maturity level by August 2023, but lack of staff, technical challenges, and limitations in threat information sharing were cited as the main causes for falling behind, GAO says.
GAO has made 20 recommendations to 19 agencies to fully implement logging requirements.
Sixteen agencies have agreed with the recommendations, while three neither agreed nor disagreed.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 06 Dec 2023 15:28:05 +0000