In November of 2015, the GAO identified “deficiencies” in the SEC’s internal controls over financial reporting. This new report is a more detailed followup with recommendations on specific actions.
In brief, the GAO mentions 15 prior recommendations that have not been fully implemented while recommending 6 additional actions to more “fully implement its information security program.” Additionally there is another report with limited distribution that includes 30 more actions to address weaknesses. The GAO states that the SEC concurred with the recommendations.
In response to the report, Pamela Dyson, CIO of the SEC, stated she was pleased the GAO found that the SEC had made progress, explaining the SEC is “committed to continuously strengthening our cyber security posture.” Dyson included the Commission’s response to the new recommendations. The document is embedded below.
[scribd id=310910647 key=key-2TTr648QKYsLKLvQNazQ mode=scroll]