The Register: Three US agencies get failing grades for not following IT best practices

Aug 5, 2025

—

Source URL: https://www.theregister.com/2025/08/05/epa_dhs_gsa_get_failing_grades/
Source: The Register
Title: Three US agencies get failing grades for not following IT best practices

Feedly Summary: CIOs at the EPA, DHS, and GSA are called out for failure to implement critical cybersecurity recommendations
The Government Accountability Office (GAO) scolded a trio of federal agencies on Monday because their CIOs haven’t implemented IT-related recommendations designed to safeguard national cybersecurity. …

AI Summary and Description: Yes

Summary: The Government Accountability Office (GAO) has criticized CIOs from the Environmental Protection Agency (EPA), the Department of Homeland Security (DHS), and the General Services Administration (GSA) for their failure to adopt crucial cybersecurity measures. This situation highlights ongoing challenges in government IT security and the implication of non-compliance on national cybersecurity.

Detailed Description: The GAO’s reprimand of three major federal agencies underscores significant vulnerability in the realm of national cybersecurity due to unimplemented cybersecurity recommendations. This situation raises several concerns and insights:

– **Accountability in Government**: The report emphasizes the need for accountability among top officials in federal agencies, particularly concerning their cybersecurity responsibilities.

– **Importance of Cyber Recommendations**: The recommendations made by the GAO are intended to reinforce the cybersecurity posture of these agencies, which play critical roles in managing national security and public welfare.

– **Implications for National Security**: Failure to act on these recommendations can lead to increased cyber threats, data breaches, and operational disruptions, thereby endangering national security interests.

– **Challenge of Compliance**: This incident illustrates broader themes of compliance and governance within public agencies, where bureaucratic inertia may hinder the adoption of necessary security measures.

– **Call to Action for IT Leadership**: IT leaders in government sectors must prioritize cybersecurity initiatives and ensure that they align with national standards and rapidly evolving cyber threat landscapes.

This scenario serves as a reminder of the essential role that proactive cybersecurity management plays in safeguarding public infrastructure and maintaining citizen trust in government operations. Security professionals should consider this as an insight into the challenges faced by federal agencies and the importance of active compliance with established cybersecurity frameworks.

2 2025 5 a account accountability Act administration adoption age Agency AGI AI and API art as at ated Best best practices Bi breach breaches by C CERN challenge challenges CI CIA co Col compliance compliance and governance concerns core critical cyber cyber threat cyber threat landscape cyber threats cybersecurit Cybersecurity cybersecurity framework cybersecurity frameworks Cybersecurity initiatives cybersecurity management cybersecurity measures cybersecurity posture cybersecurity recommendations D data data breach Data breaches day de Department of Homeland Security design DHS disruption e ELF end environment environmental Environmental Protection Agency face fail federal agencies following for framework frameworks g Gen general General Services Administration GIS Go governance government government accountability Government Accountability Office government operations grade gs H high Highlight Homeland Security HR http HTTPS implications in incident Inforce infrastructure initiatives insights inter io iOS Iron J k l land leadership led Li lm low M made man management measures mini N nation national cybersecurity national security national security interests NGO NIST no non o of off on ons operation operational operational disruption operational disruptions operations opt oS out over per play post practices pro proactive proactive cybersecurity professionals protection ps public public infrastructure public welfare R Raise rate RCE re real recommendations report Ro Role RoT Rust s safe sec sector security security framework security frameworks security initiatives security management security measure security measures security posture security professionals security recommendations security responsibilities service services side Sig size sizes source SSE standards T ted the threat threat landscape threat landscapes threats to Tor TP trust under up US use V vulnerability welfare Wi z Zen