CIOs at the EPA, DHS, and GSA are called out for failure to implement critical cybersecurity recommendations

The Government Accountability Office (GAO) scolded a trio of federal agencies on Monday because their CIOs haven't implemented IT-related recommendations designed to safeguard national cybersecurity. 

The GAO flagged failures at the General Services Administration (GSA), Environmental Protection Agency (EPA), and Department of Homeland Security (DHS) in the three reports, with each guilty of not implementing more recommendations than the last. The DHS' CIO, in particular, has 43 unresolved recommendations from as far back as 2018, seven of which the GAO identified as priority matters. The GSA only has four outstanding items, while the EPA has 11. 

While the recommendation implementation failures vary per agency, a couple of commonalities emerged in all three reports, namely the GSA, EPA, and DHS' collective failure to properly log cybersecurity events and conduct annual IT portfolio reviews, both of which are required under various policies. 

Aside from those similarities, how the agencies have fallen ...