Report: DHS has 'significant deficiency' in info security

DHS IG: Evaluation of DHS' Information Security Program for Fiscal Year 2004"

Related Links

The Homeland Security Department's inspector general has completed an information security audit of the agency, which shows DHS officials are still struggling with internal cybersecurity issues.

The report, released Oct. 27, highlights areas in which DHS officials have improved the department's information security practices and policies. But the overall tone of the report is negative. "We recommend that DHS continue to consider its information systems security program a significant deficiency for" fiscal 2004, the IG auditors state in the report's summary.

The IG conducted the information security audit between April and September 2004 according to guidelines set by Office of Management and Budget officials. OMB developed the guidelines to help federal agencies comply with the Federal Information Security Management Act of 2002.

The report cited the chief information officer's lack of authority to manage DHS' departmentwide information technology programs and spending as a significant factor in the department's struggle to secure its information systems. It stated that the absence of a formal reporting relationship between the CIO and the program organizations within the department continues to undermine DHS' information security program.

Among the problems cited in the report, the inspector general found 12 systems had been accredited even though key documentation did not meet the requirements for accreditation.

On a positive note, the IG commended DHS officials for developing departmentwide security configurations policies and procedures for Microsoft Corp. Windows 2000 and Sun Microsystems Inc. Solaris systems. But the report also noted that no DHS organization had completed configuration requirements for all of its systems.

Steven Cooper, DHS' CIO, was more positive in his written response to the report. After stating that he generally concurred with the IG's findings, Cooper wrote that DHS officials have begun a comprehensive inventory of general support systems and major applications and will review data captured in the agency's automated FISMA data collection and reporting system, Trusted Agent FISMA.

The IG's audit revealed problems with verifying the data in the automated system. For example, Trusted Agent FISMA does not identify applications and systems that are due for recertification and accreditation.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.