General Services Administration (GSA) plans to develop an online marketplace to measure and monitor data protection efforts will need to be further developed to prevent data misuse, the Government Accountability Office (GAO) said in a new report.
After a separate GAO report in 2018, the GSA developed an online marketplace program to make it easier for federal agencies to purchase off-the-shelf products, and began testing the program. Since then, 13 agencies have signed up as testers and GSA has contracted with three online marketplace providers.
“Marketplace vendors can view government purchasing and vendor data, but are not permitted to use it for marketing, pricing, or other business purposes,” GAO wrote. “We found that the GSA’s plans to oversee data protection may not completely prevent data misuse. “
According to GAO’s findings, the GSA has established initial metrics to measure program implementation, but has yet to create a comprehensive plan with clear goals or timelines to assess program progress.
“Establishing a comprehensive plan that outlines the goals and timelines for each measure will better position the GSA to measure whether the program is being implemented successfully or whether the program needs to be changed before it is ultimately rolled out to the entire company. government, as is the current plan, ”GAO wrote.
Additionally, the GSA has developed a plan to monitor each platform vendor’s compliance with government and vendor data protection requirements, however, areas of compliance have not been addressed and some actions in the plan may does not effectively prevent unauthorized activity, GAO said.
The GAO made two recommendations to the GSA, including establishing a plan with goals and timelines to measure program implementation, and developing its monitoring plan with specific actions to ensure that platform providers comply with data protection requirements. The GSA agrees with both recommendations.