"The implication in the inquiry is that some assessors may not be performing the assessments adequately or that they may be rubber stamping assessments," said Rob Sadowski, director of marketing and technology solutions at RSA Security.
Is the FTC looking to expand its role?
Perhaps the FTC is actually looking to learn more about how the cybersecurity audit process works, in order to step up its own enforcement efforts.
"The FTC is most likely going to leverage the information from this audit to help justify an increased budget and bigger staffing resources," said Ed Fox, vice president of network services at MetTel, which works with several government agencies on cybersecurity issues.
Sign up for CIO Asia eNewsletters.