The United States faces persistent and increasingly malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy. We worked with the Council of the Inspectors General on Integrity and Efficiency and other offices of inspector general to report on information security program trends across the government.
Federal agencies have strengthened the maturity of their information security programs on average in recent years. However, the share of agencies with an effective information security program has held around 60 percent. More actions are needed in key areas—supply chain risk management, cybersecurity risk management, and configuration management—to ensure that agencies' information security programs can deal with cybersecurity threats effectively.
