IG finds FEMA's laptop security faulty
"Improved Administration Can Enhance Federal Emergency Management Laptop Computer Security" (.pdf)
The Federal Emergency Management Agency does not have effective procedures to protect information contained on its laptop computers, according to a new report from Richard Skinner, the Homeland Security Department’s inspector general.
The IG tested 298 of the 32,000 laptop computers FEMA has in its inventory and discovered significant shortcomings in the agency’s ability to set security configurations, conduct patching to remedy vulnerabilities and manage its inventory.
“As a result, sensitive information stored and processed in FEMA’s laptop computers may not be protected properly,” Skinner wrote in the report.
The same ineffective configurations extend to FEMA’s desktop computers, suggesting that the problem is widespread throughout the agency, the report states.
Skinner said his staff was unable to review FEMA’s compliance with the requirements of the Federal Information Security Management Act because the agency did not have a complete inventory of its laptop computers.
FEMA officials agreed with the IG’s report.Alice Lipowicz writes for Washington Technology, an 1105 Government Information Group publication.