Updated on 2022-09-23: GAO Audit Finds Cybersecurity Shortcomings at NNSA
A report from the US Government Accountability Office (GAO) says that “the National Nuclear Security Administration (NNSA) and its contractors have not fully implemented six foundational cybersecurity risk practices in its traditional IT environment. NNSA also has not fully implemented these practices in its operational technology and nuclear weapons IT environments.” GAO made nine recommendations for NNSA, including implementing an IT continuous monitoring strategy and improving subcontractor cybersecurity monitoring.
Read more in
- Nuclear Weapons Cybersecurity: NNSA Should Fully Implement Foundational Cybersecurity Risk Management Practices
- Nuclear Weapon Development and Manufacturing Needs More Cybersecurity, Watchdog Says
- Watchdog report identifies cybersecurity failings at National Nuclear Security Administration
Overview: NNSA cyber review
The US Government Accountability Office (GAO) has published a review of the cybersecurity practices of the National Nuclear Security Administration (NNSA), the US government agency that manages the country’s nuclear weapons arsenal. GAO said that despite federal laws mandating a cybersecurity management program, the NNSA and its contractors haven’t fully implemented most of six major cybersecurity practices. Read more: US Nuclear Security Administration criticized by watchdog over cybersecurity failures