No. Those are high-level categories and metrics, not individual weaknesses. Like "Authentication". Number and severity of specific findings isn't linked. Could even not have found any specific time for those categories, just general laxness and failure to adhere to standards.
Shorter DOJ IG: The Admin side of DOJ has 2 cybersecurity weaknesses that, if revealed, would make them easy to pwn. So we're not going to tell you specifically how it fails 2 of 7 measures.https://twitter.com/JusticeOIG/status/981895343817281536 …
-
-
-
In the past, FISMA report results have been public (for example, that high level users don't have multi-factor authentication). So not releasing this deviates from practice in some parts of govt.
-
Yeah, makes sense
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.