Information Technology: Continued Implementation of High-Risk Recommendations Is Needed to Better Manage Acquisitions, Operations, and Cybersecurity, Statement of David A. Powner, Director Information Technology Management Issues, Testimony Before the Subcommittees on Government Operations and Information Technology, Committee on Oversight and Government Reform, House of Representatives

摘要

The federal government plans to invest almost $96 billion in IT [information technology] in fiscal year 2018. Historically, IT investments have too often failed or contributed little to mission-related outcomes. Further, increasingly sophisticated threats and frequent cyber incidents underscore the need for effective information security. As a result, GAO [Government Accountability Office] added two areas to its high-risk list: IT security in 1997 and the management of IT acquisitions and operations in 2015. This statement summarizes agencies' progress in improving IT management and ensuring the security of federal IT. It is primarily based on GAO's prior reports issued between February 1997 and May 2018 (and an ongoing review) on (1) CIO [Chief Information Officer] responsibilities, (2) agency CIOs' involvement in approving IT contracts, (3) data center consolidation efforts, (4) the management of software licenses, and (5) compliance with cybersecurity requirements. From fiscal years 2010 through 2015, GAO made about 800 recommendations to OMB [Office of Management and Budget] and federal agencies to address shortcomings in IT acquisitions and operations. Since 2010, GAO also made about 2,700 recommendations to federal agencies to improve the security of federal systems. These recommendations include those to improve the implementation of CIO responsibilities, the oversight of the data center consolidation initiative, software license management efforts, and the strength of security programs and technical controls. Most agencies agreed with these recommendations, and GAO will continue to monitor their implementation.