{"id":216226,"date":"2026-05-18T16:06:00","date_gmt":"2026-05-18T20:06:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/18\/usda-ai-systems-lack-key-cybersecurity-controls-oig-finds-meritalk\/"},"modified":"2026-05-19T05:20:19","modified_gmt":"2026-05-19T09:20:19","slug":"usda-ai-systems-lack-key-cybersecurity-controls-oig-finds-meritalk","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/18\/usda-ai-systems-lack-key-cybersecurity-controls-oig-finds-meritalk\/","title":{"rendered":"USDA AI Systems Lack Key Cybersecurity Controls, OIG Finds \u2013 MeriTalk"},"content":{"rendered":"<p><a href=\"https:\/\/www.meritalk.com\/articles\/usda-ai-systems-lack-key-cybersecurity-controls-oig-finds\/\">USDA AI Systems Lack Key Cybersecurity Controls, OIG Finds \u2013 MeriTalk<\/a><\/p>\n<p><a href=\"https:\/\/www.meritalk.com\/articles\/usda-ai-systems-lack-key-cybersecurity-controls-oig-finds\/\">https:\/\/www.meritalk.com\/articles\/usda-ai-systems-lack-key-cybersecurity-controls-oig-finds\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 16:06:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.meritalk.com\">www.meritalk.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. The U.S. Department of Agriculture (USDA) does not entirely meet artificial intelligence (AI) cybersecurity and governance control requirements for its critical AI systems, leaving the agency vulnerable to cyber threats, the department\u2019s Office of Inspector General (OIG) said.\u00a0<br \/>\nAs the federal\u00a0government\u00a0expands its use of AI,\u00a0\u00a0the White House\u2019s\u00a0Office of\u00a0Management and Budget (OMB) directed agencies to\u00a0adopt formal AI governance\u00a0measures.\u00a0Those measures include AI strategies, compliance plans, AI inventories, and\u00a0risk management standards\u00a0for high-impact AI systems.\u00a0<br \/>\nUSDA rules also require all IT systems to obtain an authorization to operate (ATO) and maintain cybersecurity records in its cybersecurity tracking system, CSAM. \u00a0<br \/>\nHowever, the USDA OIG said in a\u00a0report\u00a0last week that the department failed to completely meet all of those mandates.\u00a0<br \/>\nWhile some goals were met, the OIG said USDA\u00a0did not\u00a0update agency policies and develop a generative AI policy by December 2025, and\u00a0it\u00a0did not implement minimum risk management practices for its critical AI systems by OMB\u2019s April 2026 deadline.\u00a0<br \/>\nThe OIG said\u00a0the department had prioritized\u00a0AI implementation over cybersecurity and governance controls. \u201cAs a result, USDA AI technologies could be vulnerable and lack critical security controls, leaving the agency susceptible to data breaches or reputational harm,\u201d the report\u00a0stated.\u00a0<br \/>\n\u201cWhile there are benefits to implementing AI, AI technologies pose risks that can negatively impact individuals, groups, and organizations,\u201d the OIG\u2019s report said.\u00a0\u201cWithout proper controls, AI systems can amplify, perpetuate, or exacerbate undesirable outcomes for individuals and organizations.\u201d\u00a0<br \/>\nOIG\u00a0auditors found widespread failures in AI cybersecurity compliance. Seventy-three of\u00a0the 82 AI use cases lacked\u00a0ATOs and\u00a0were not\u00a0recorded\u00a0in\u00a0CSAM. Of the nine AI systems with ATOs, two were missing\u00a0required\u00a0security documentation.\u00a0<br \/>\nThe OIG noted that under federal law and USDA policy, all IT and AI systems must undergo security assessments and continuous monitoring before deployment.\u00a0<br \/>\n\u201cUSDA will continue to implement AI technologies to support its mission and improve service to the American people. It is imperative that governance and cybersecurity controls over AI activities are top priorities,\u201d the OIG said.\u00a0<br \/>\nUSDA also does not have a complete AI inventory. While the department identified 82 operational AI use cases for its 2024 inventory, it solely relied on annual self-reporting exercises. Therefore, the inventory could not be verified as complete and accurate, the OIG said.\u00a0<br \/>\n\u201cWhen the primary governance method is self-reporting, it can create a false sense of security that can lead to inaccurate inventory of AI tools, which can contribute to instances of Shadow AI \u2026 not mitigating the risk of Shadow AI could lead to systems on the network that USDA is not aware of, which could result in data leakage,\u201d the OIG said.\u00a0<br \/>\nThe USDA Office of the Chief Information Officer agreed to overhaul the department\u2019s AI governance and cybersecurity practices according to the OIG\u2019s findings. Planned changes include\u00a0mandatory\u00a0impact assessments, updated IT and AI policies,\u00a0a continuously\u00a0maintained AI inventory,\u00a0and new approval processes requiring risk assessments and security reviews.\u00a0<br \/>\nUSDA said it\u00a0aims\u00a0to complete the reforms between June and December 2026.\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>USDA AI Systems Lack Key Cybersecurity Controls, OIG Finds \u2013 MeriTalk https:\/\/www.meritalk.com\/articles\/usda-ai-systems-lack-key-cybersecurity-controls-oig-finds\/ Publish Date: 2026-05-18&#8230;<\/p>\n","protected":false},"author":1,"featured_media":216228,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.meritalk.com\/wp-content\/uploads\/2016\/11\/USDA.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24],"class_list":["post-216226","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216226"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216226"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216226\/revisions"}],"predecessor-version":[{"id":216229,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216226\/revisions\/216229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216228"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}