GAO: US-VISIT security needs strengthening

Security weaknesses in the Customs and Border Protection agency's U.S. Visitor and Immigrant Status Indicator Technology program put sensitive personal information at risk, a Government Accountability Office report states.

Problems include poor identification and authentication practices, insufficient limits on access to US-VISIT information, bad network and physical security, inconsistent encryption, and inadequate logging and user accountability.

'These weaknesses collectively increase the risk that unauthorized individuals could read, copy, delete, add and modify sensitive [and personally identifiable] information, and disrupt the operations of the US-VISIT program,' GAO said in the Aug. 3 report.

The report also states that CBP did not perform certain actions to protect its information technology systems, such as updating interconnection agreements in security plans, testing and evaluating security controls, implementing incident-detection procedures, and addressing privacy issues.

CBP provides limited assurance that US-VISIT will 'achieve its goal of enhancing the security of U.S. citizens and its visitors,' the report states.

Steven Pecinovsky, director of the Homeland Security Department's GAO/Office of Inspector General Liaison Office, concurred with GAO's findings and said CBP has taken steps to address some of the issues.

'CBP is currently in the process of upgrading its networks, systems and workstations,' he said in a written response to the report. 'Once these implementations are completed, many of the GAO findings will be closed.'

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.