The bottom line is that none of the 23 agencies audited fully implemented foundational risk management practices.
Article Link: https://www.nextgov.com/cybersecurity/2020/12/gao-issues-wake-call-report-agencies-lax-supply-chain-security-management/170836/