Completion of an organization-wide cybersecurity risk assessment process at the Environmental Protection Agency is expected by Nov. 22, more than six years after such a mechanism was recommended by the Government Accountability Office in an effort to better protect its IT systems and data from increasingly prevalent cybersecurity threats, FedScoop reports.
Aside from integrating several performance metrics gauging robust authentication, logging maturity, critical vulnerability remediation, and priority security control, the EPA's updated cyber risk assessment procedure will also include risk-scoring system changes to accommodate enterprise- and component-level risk scores, according to an EPA spokesperson.
"The procedures also include activities to consolidate the various cybersecurity dashboards into one overall dashboard that provides an executive level view of EPA's risk posture," said the spokesperson.
Such a development follows a GAO document noting the EPA's potential gaps in monitoring cyber risk trends and addressing systemic risks stemming from its lack of cyber risk evaluations.