The Government Accountability Office (GAO) reported that among 23 federal agencies, only three have fully implemented event logging requirements for incident investigation and remediation. As of August 2023, 17 agencies were classified as ‘not effective,’ and three were at the basic level. This lack of implementation impedes the government’s ability to detect, investigate, and address cyber threats adequately. The affected agencies include several prominent departments, and despite efforts to use endpoint detection, services from the US cybersecurity agency CISA, and third-party resources, the majority have yet to achieve event logging maturity. Challenges such as staff shortages, technical limitations, and restricted threat information sharing contributed to this delay. GAO has issued 20 recommendations to 19 agencies to address these deficiencies, with most agencies either agreeing or having no definitive stance on the suggestions.

Read more: https://www.securityweek.com/gao-federal-agencies-yet-to-fully-implement-incident-response-capabilities/