Included in the lawsuit were claims that Georgia Tech's Astrolavos Lab, which was tasked to focus on national security-impacting cybersecurity issues, did not create and adopt a Defense Department-compliant cybersecurity plan from May 2019 to February 2020, with later implementation marred by inadequate scoping.
Aside from mandating the identification and evaluation of cybersecurity gaps in networks involved in the operations of airplanes, engines, and propellers, organizations in the aviation sector would also be required to establish cyberattack response procedures for pilots and mitigate IUEI risks under the proposed rules.
Aside from pushing for increased OMB oversight over the utilization of FedRAMP across agencies, which would strengthen cloud-stored data security, the GAO also called for the development of federal guidelines on data inventory management.