FEMA still weak on IT security, auditors say

Related Links

The audit report

The Federal Emergency Management Agency is still struggling to secure its information technology systems with 31 weaknesses carried over from previous years and 13 new weaknesses identified in fiscal 2007, according to a new audit report released by Homeland Security Department Inspector General Richard Skinner.

FEMA corrected 10 weaknesses last year, and it developed new policies, processes and procedures to comply with cybersecurity guidelines, states the report on FEMA’s IT issues related to financial controls, written by the KPMG LLP auditing firm.

Overall, FEMA continues to suffer from weak controls on employee and contractor passwords, shortcomings in application service development and service continuity, and a weakness in its systemwide documentation, among other problems, the report states.

“These issues collectively limit FEMA’s ability to ensure that critical financial and operational data is maintained in a manner to ensure confidentiality, integrity and availability,” the report states.

“Consequently, these weaknesses negatively impacted the internal controls over FEMA financial reporting and its operation,” KPMG said. FEMA managers generally agreed with the findings.

Among the problems identified in the report:



  • There are 770 former FEMA and contractor employees with some level of active password privileges.



  • National Flood Insurance Program workstation deactivations are not programmed in compliance with security guidelines.



  • Changes to mainframe applications were documented only about half the time.



  • Excessive access privileges are in place on several applications.



  • FEMA’s Continuity of Operations plan has not been updated to reflect concerns raised by the IT Service Division Continuity of Operations Plan.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group