The Defense Department’s software development approaches are helping to avoid cost increases and schedule delays for many major information technology systems, but uneven implementation of cybersecurity best practices may be introducing risk to these programs, according to a watchdog report.
In the first of a series of annual reviews of major Defense IT systems, the Government Accountability Office (GAO) examined 15 business and non-business DoD IT programs and found 10 programs had schedule delays, including one 5-year delay. Eleven had decreased cost estimates as of December 2019, according to the audit, which was released to the general public just before the holidays.
While GAO didn’t make any specific recommendations in the audit, DoD in its comments said the audit “highlight[s] opportunities for continued improvement to acquiring IT capabilities.”
The main challenge for DoD’s major IT systems is the agency’s mixed record on incorporating cybersecurity best practices.
While all 15 programs are using cybersecurity strategies, only eight conducted cybersecurity vulnerability assessments, which help determine whether security measures are strong enough. In addition, 11 of the 15 programs conducted operational cybersecurity testing, but only six conducted developmental cybersecurity testing.
Keep reading this article at: https://www.nextgov.com/it-modernization/2021/01/10-15-dods-major-it-projects-are-behind-schedule-gao-found/171155/