GAO finds security lax for federal employees' personal info

Weak access controls are placing sensitive government personnel and financial information stored on the National Finance Center's computer systems at risk of disclosure or destruction, according to a new General Accounting Office report.

The Agriculture Department's NFC operates financial systems such as payroll/personnel and accounting systems for the USDA and about 60 other federal organizations. The NFC also maintains the records of the multibillion dollar Thrift Savings Program, a type of 401(k) program for federal employees.

The GAO concluded that problems with NFC's access control "placed sensitive personnel information at risk of disclosure, critical financial operations at risk of disruption and assets at risk of loss." Logical, system software and physical access controls are designed to protect computer databases from enabling unauthorized users to access or change the data stored in the systems.

The GAO found that NFC had given legitimate users too much access to financial and sensitive personal information. For example, GAO found that 86 users had the ability to read and alter any data stored on tape regardless of other security software controls that were in place. NFC said they have taken steps to limit this access, according to the report.

In addition, GAO found that users could bypass certain access controls and gain unauthorized access to financial and other sensitive data that the NFC maintains or cause system failures. For example, the system software that controls batch processing allowed any user with the ability to execute a batch program also to shut down the system or turn off features such as the security software.

In its response to the report, the NFC said it has "already completed corrective actions on most of the items and [it has] planned appropriate corrective actions on the rest."

Featured

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected