The US Department of State must fully implement its cybersecurity risk program and take additional steps to better protect its IT network and systems, a 92-page report by the General Accounting Office (GAO) warns.

The State Department has completed the authorization process for less than half (44%) its nearly 500 information systems, and has yet to implement a department-wide continuous monitoring system.

On the positive side, the department has identified risk management roles and responsibilities and developed a cyber risk management strategy.