IG: GSA needs more effective data security

The General Services Administration lacks consistency in implementing security controls and doesn't have enough management oversight of its contractors as part of its information technology security program, the department’s inspector general has said. Those weaknesses prevent GSA from effectively identifying and managing risks for all its systems and data, the IG said in a recent report.

In addition to contractor oversight, GSA needs to improve the protection of sensitive information, the security of its publicly facing Web sites and controls for minor applications, Larry Bateman, director of GSA’s Information Technology Security Audit Services in the IT audit office, said in a report released Sept. 24.

For example, GSA has encrypted less than 1,800 of the 8,000 laptop computers it identified as needing that work two years after the Office of Management and Budget issued a memo that directed agencies to secure mobile data, the report said.

GSA has already incorporated security roles and responsibilities and guidance from the National Institute of Standard into department policies and procedures, he said. GSA also has taken initial steps to identify and reduce risks through security controls.

However, Bateman recommended that Casey Coleman, GSA’s chief information officer, enhance management, operational and technical controls in each of these areas. Coleman said in a written response that she agreed with the recommendations.

The recommendations included implementing a comprehensive breach notification policy to protect sensitive information; more monitoring of GSA’s external Web sites to reduce associated risks; and updating policies and procedures to also cover minor applications.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.