Inspector generals and GAO have made hundreds of recommendations to these agencies about deficiencies in security controls, but many have yet to be fully implemented.The U.S. Department of Health and Human Services, Food and Drug Administration and the Department of Veterans Affairs are among the 24 federal agencies with widespread security failures due to ineffective security programs, according to a new Government Accountability Office report.The majority of those organizations are struggling in five control areas: access controls, configuration management, segregation of duties, contingency planning and security management. In fact, the report found that most agencies lacked effective security program functions in the fiscal year 2016.Specifically, the FDA and HHS have a significant number of security control weaknesses that jeopardize the confidentiality, integrity and availability of its information systems and industry and public health data.

Source: Click here