Despite unprecedented improvements in securing information during fiscal year 2015, federal agencies remain precariously behind, according to the annual cybersecurity compliance report released by the Office of Management and Budget.

The annual report to Congress on agency compliance with the Federal Information Security Modernization Act of 2014 found malicious actors continue to compromise federal networks, information systems and data. It also revealed that 15 of 24 major agencies had no formalized plan for cyberattacks.

The NCUA was not among the 24 major agencies analyzed in the report, but did submit a FISMA report along with 59 other smaller agencies. Those results were only reported in aggregate.

While the report recognized the unprecedented progress in FY2015 to strengthen federal cybersecurity, it said additional work remains to improve the defense of federal systems, networks and data from persistent threats and increasingly sophisticated malicious activity.

"To address this challenge, the federal government must take action to combat increasingly sophisticated and persistent threats posed by malicious actors," the report read.

Additionally, independent evaluations of information security programs and practices conducted by agency inspectors general identified several performance areas in need of improvement, including configuration management, identity and access management and risk management practices.

Senior Agency Official for Privacy reviews also found that federal agencies must continue to take steps to analyze and address privacy risks and ensure privacy protections are in place throughout systems' lifecycles.

During FY 2015, federal agencies reported 77,183 cybersecurity incidents, a 10% increase over the 69,851 incidents reported in FY 2014. The increasing number and impact of these incidents demonstrate that continuously confronting cyberthreats must remain a strategic priority.

According to the report, agencies scored an average of 72% in ability to detect unauthorized hardware, 74% in anti-phishing defenses and 52% in information security continuous monitoring vulnerability management capabilities.

During FY 2015, OMB Cyber increased its oversight role and agency engagement through the CyberStat Review process. The purpose of the CyberStat Review is to accelerate progress toward achieving FISMA and cross-agency priority goals by reviewing the progress of selected agencies, developing actionable plans, providing targeted assistance and following up throughout the year.

The report primarily includes FY 2015 data reported by agencies to OMB and DHS on or before Nov. 16, 2015. Since the cutoff date, the administration announced the Cybersecurity National Action Plan in February, which directed the federal government to take actions to increase cybersecurity. President Barack Obama also proposed that the 2017 budget include $19 billion to improve federal IT security, such as by replacing severely outdated systems.

The report contained no mention of the 2015 OPM breach. In June and July of 2015, the OPM discovered two separate but related cybersecurity breach incidents, which exposed the personal data of current and former federal government employees, contractors and others. The OPM blamed the attack on Chinese hackers.

Last November, the fiscal 2015 audit from the OPM's Office of the Inspector General reported that the agency is vulnerable to another cyberattack, as it continued to struggle to meet many requirements under FISMA.

"We continue to believe that (the) OPM's management of system authorizations represents a material weakness in the internal control structure of the agency's IT security program," Michael R. Esser, assistant inspector general for audits, said in that report.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).