The United States Government Accountability Office (“GAO”) released a report assessing the SEC’s information security controls as part of its audit of the SEC’s financial statements from fiscal years 2013 and 2012.
The report noted that, while the SEC had implemented and made progress in strengthening information security controls, weaknesses limited their effectiveness in protecting the confidentiality, integrity and availability of a key financial system. The report noted further that the information security weaknesses existed because the SEC did not sufficiently oversee and manage the implementation of information security controls during the migration of this key financial system to a new location.
GAO recommended that the SEC take action to (i) more effectively oversee contractors performing security-related tasks and (ii) improve risk management.
In a separate report for limited distribution, GAO will make specific recommendations to address weaknesses in security controls.
See: GAO Report.