During the pandemic, agencies have generally managed to secure networks for remote access, but a sampling of a dozen organizations revealed some cyber vulnerabilities were overlooked.

A recent Government Accountability Office report said the biggest needs for improvement were to assess all relevant IT security controls and enhancements, and fully document remedial actions as necessary. The agencies did better at documenting both their telework security policies, and relevant IT security controls and enhancements. Within agencies’ documentation, GAO looked for system security plans, the results of security control assessments, remedial action plans and whether or not agencies followed cybersecurity guidance from the National Institute of Standards and Technology — particularly SP 800-53.

“If agencies do not sufficiently document relevant security controls, assess the controls, and fully document remedial actions for weaknesses identified in security controls, they are at increased risk that vulnerabilities in their systems View GAO that provide remote access could […]