The Office of Management and Budget (OMB) published its Fiscal Year 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 (FISMA). The document includes data reported by agencies to OMB and the Department of Homeland Security Cybersecurity and Information Security Agency (CISA). The report highlights government-wide cybersecurity programs and initiatives, and federal agencies’ progress to enhance federal cybersecurity over the past year and into the future. In FY18, federal agencies reported 31,107 incidents, which is a 12% decrease from FY17. While the number of incidents has decreased, several large agencies continue to be at risk for cyberattacks. The most at risk agencies are the departments of Energy and Health and Human Services, EPA, FCC, and FTC. Email-based threats are the most prevalent means of cyberattack. And the main deficiencies are lack of data protection, inconsistent application of software security fixes, lack of strong authentication requirements for accessing systems, and absence of continuous monitoring of systems.
Federal Information Security Modernization Act (FISMA) FY2018 Report