
GAO-25-10869 1 (April 11, 2025)

GAO U.S. GOVERNMENT ACCOUNTABILITY OFFICE
441 G St. N.W.
Washington, DC 20548

Comptroller General of the United States



April 11, 2025


The Honorable Marco Rubio
Secretary of State
U.S. Department of State
2201 C Street, NW
Washington, DC 20520

Priority Open Recommendations: Department of State

Dear Secretary Rubio:

Congratulations on your appointment. The purpose of this letter is to call your personal attention
to three areas based on GAO's past work and 13 open priority recommendations, which are
enclosed.[1] Additionally, there are 619 other open recommendations that we will continue to
work with your staff to address.

We are highlighting the following areas that warrant timely and focused attention. Specifically:

Addressing weaknesses in cybersecurity. State has not fully implemented its program to
identify and monitor risk to assets and the information maintained on its systems. As we
reported in September 2023, until the department implements required risk management
activities, it lacks assurance that its security controls are operating as intended.[2] Moreover,
State is likely not fully aware of information security vulnerabilities and threats affecting mission
operations.

GAO recommends that State take several actions, including (1) mitigating known vulnerabilities,
(2) conducting bureau-level risk assessments for the 28 bureaus that owned information
systems that GAO reviewed, (3) ensuring that its information systems have valid authorizations
to operate in accordance with department policies and federal guidance, (4) ensuring that the
Chief Information Officer (CIO) has access to assets at bureaus and posts to continuously
monitor for threats and vulnerabilities that may affect mission operations, (5) ensuring that all
system contingency plans for high value assets are tested annually as required by department
policies, and (6) directing the CIO to update an October 2020 matrix to better ensure
compliance with applicable department policies and federal guidance. In addition, there are
about 500 recommendations related to technical security control deficiencies in State's IT
infrastructure that also warrant attention.



[1] GAO considers a recommendation to be a priority if, when implemented, it may significantly improve government
operations, for example, by realizing large dollar savings; eliminating mismanagement, fraud, and abuse; or making
progress toward addressing a high-risk or duplication issue.
[2] GAO, Cybersecurity: State Needs to Expeditiously Implement Risk Management and Other Key Practices,
GAO-23-107012 (Washington, D.C.: Sept. 28, 2023).


GAO-25-108069 State Priority Recommendations

