LetsAskBinu.com

GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices

By Researcher
May 22, 2023
in Cybersecurity

A new US Government Accountability Office (GAO) report shows that the Departments of Agriculture, Homeland Security (DHS), Labor, and the Treasury have not fully implemented six key cloud security practices for their systems.

According to the 60-page GAO report (PDF), only one agency fully implemented four practices for most of its systems, while three other agencies fully implemented three practices for their systems. The remaining practices, GAO says, were either partially implemented or not implemented at all.

Cloud security practices that were fully implemented for almost all systems, GAO says, include defining security responsibilities, documenting ICAM policies and procedures, and documenting procedures for incident response and recovery.

Partially implemented or not implemented cloud security practices include defining security metrics in a service level agreement (SLA), implementing continuous monitoring, and addressing FedRAMP requirements.

“Although the agencies developed a plan for continuous monitoring, they did not always implement their plans. In addition, […] agencies’ service level agreements did not consistently define performance metrics, including how they would be measured, and the enforcement mechanisms,” GAO notes.

According to the report, the federal agencies should fully implement all key cloud security practices to ensure that the confidentiality, integrity, and availability of the information held in their cloud systems are not put at risk.

In its report, GAO makes 35 recommendations to implement these practices, noting that, while DHS has concurred with these recommendations, Agriculture, Labor, and the Treasury neither agree nor disagree with them.

The Department of Agriculture, GAO says, needs to fully document the access authorizations for PaaS (platform-as-a-service) systems, implement continuous monitoring for selected PaaS and SaaS (software-as-a-service) systems, define performance metrics in service level agreements with CSPs, provide the authorization letter to the FedRAMP PMO for its selected SaaS system, and require service providers to comply with FedRAMP security authorization requirements.

DHS needs to fully implement continuous monitoring for selected PaaS, SaaS, and IaaS (infrastructure-as-a-service) systems, define performance metrics in service level agreements, implement the FedRAMP requirements for selected IaaS, PaaS, and SaaS systems, and require service providers to comply with FedRAMP security authorization requirements.

The Department of Labor needs to implement continuous monitoring for selected PaaS and IaaS systems, define performance metrics in service level agreements, fully implement the FedRAMP requirements for selected IaaS, PaaS, and SaaS systems, provide authorization letters to the FedRAMP PMO upon issuance of the authorization, and require service providers to comply with FedRAMP security authorization requirements.

The Department of the Treasury needs to define security responsibilities for selected SaaS systems, implement continuous monitoring for selected PaaS and SaaS systems, define enforcement mechanisms in service level agreements, implement the FedRAMP requirements, require service providers to comply with FedRAMP security authorization requirements, and document response and recovery procedures for selected SaaS systems.

Related: Majority of GAO’s Cybersecurity Recommendations Not Implemented by Federal Agencies

Related: Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns

Related: FCC Only Partially Improved Its Cybersecurity Posture, GAO Says