The number of government agencies actively exercising measures to account for their contractors’ handling of sensitive federal information is significantly lower than the number meeting other performance criteria in the Federal Information Security Management Act, the government’s main cyber compliance law.
The White House released its annual FISMA report to Congress Wednesday, touting that “agencies continue to make significant progress in meeting cybersecurity targets” and crediting “key investments by the Trump Administration” for what it described as federal agencies’ improved ability to defend against cyberattacks.
Overall, as highlighted in the White House press release, 72 agencies received a rating of “managing risk” in the annual cybersecurity risk management assessment process, “up from 62 agencies in FY 2018 and up from 33 agencies when the process started in FY 2017.”
Total cybersecurity funding amounted to almost $17 billion for 2019, according to the report.
Though agencies’ compliance scores generally improved over last year, the report shows agencies need to work on holding contractors responsible for privacy requirements and implementing appropriate access management policies.
The report stresses the importance of accountability. In the context of workforce and training measures, it notes: “Federal agencies' privacy programs are required to play a key role in workforce management activities and holding agency personnel accountable for complying with applicable privacy requirements and managing privacy risks. This includes developing, maintaining, and providing agency-wide privacy awareness and training programs for all employees and contractors.”
According to a 2017 report by researchers at New York University’s Wagner School of Public Service, 40% of the government’s workforce consists of contractors.
While 100% of agencies had established rules of behavior for handling federal information, and ..