Close this Advertisement

What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

IG: GSA contractors get system access before background checks

Related Links

IG report (.pdf)

Mike Butler wants to card you

OMB, DHS take various steps to secure networks

General Services Administration officials compromised confidential information when they failed to perform background checks on contractors before giving them access to the agency’s information systems, according to GSA’s inspector general.

The IG found that agency officials granted 25 contractors access to one system without performing background investigations, even though the contract for the work required them. In addition, two other contractor-run systems allowed temporary access but didn’t request checks on the workers, according to a Sept. 17 IG report recently posted online.

“Background investigations remain an oversight challenge,” the report states.

Casey Coleman, the agency’s chief information officer, said GSA signed an agreement with the Homeland Security Department to speed the process of conducting background checks on contractors.

However, the IG said GSA has no procedures in place to ensure that managers complete the background investigations.

In its audit, the IG said current safeguards do not guarantee that officials will complete investigations before granting access to agencies’ information systems. Even security measures mandated by Homeland Security Presidential Directive 12, which requires credentials for all federal employees and government contractors after they have undergone a background check, does not offer that protection.

“The lack of background investigations being completed for contractors is also a recurring weakness,” the report states.

The IG recommends that GSA officials find ways to measure whether managers are conducting the background checks that the task orders require.

GSA officials missed other flaws in the agency’s information systems, the report adds. The IG found unsecured Web applications, databases and operating systems and said the gaps have compromised confidential information.

Coleman said GSA continues to focus on securing its systems. She said the agency completed its latest round of checks on more than 2,100 servers in September and found that 97.5 percent had no high-risk vulnerabilities. Moreover, GSA earned an A on the Federal Information Security Management Act score card for 2006.

Dave Marin, staff director for the Republicans on the House Oversight and Government Reform Committee, said all agencies face similar challenges in guarding their systems against intrusions.

About the Author

Matthew Weigelt is a senior writer covering acquisition and procurement for Federal Computer Week. Follow him on Twitter: @matthewweigelt.

Related Articles

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Webcasts

Related Resources

Editorial Webcasts

  • Service Consolidation: How to Avoid Basic Pitfalls of Shared Services Register Now

    This is the first webcast of the Series “Future First: Three Steps to Data Center Transformation”. Plan to attend this webcast to support your agency efforts to design a practical roadmap for consolidation of resources and shared services to meet current and emerging program demands. Learn from those who are doing to help you evaluate services in your current operations that may lend themselves to future shared service arrangements. Read more

More Editorial Webcasts

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.