IG: GSA needs more effective data security

The General Services Administration lacks consistency in implementing security controls and doesn't have enough management oversight of its contractors as part of its information technology security program, the department’s inspector general has said. Those weaknesses prevent GSA from effectively identifying and managing risks for all its systems and data, the IG said in a recent report.

In addition to contractor oversight, GSA needs to improve the protection of sensitive information, the security of its publicly facing Web sites and controls for minor applications, Larry Bateman, director of GSA’s Information Technology Security Audit Services in the IT audit office, said in a report released Sept. 24.

For example, GSA has encrypted less than 1,800 of the 8,000 laptop computers it identified as needing that work two years after the Office of Management and Budget issued a memo that directed agencies to secure mobile data, the report said.

GSA has already incorporated security roles and responsibilities and guidance from the National Institute of Standard into department policies and procedures, he said. GSA also has taken initial steps to identify and reduce risks through security controls.

However, Bateman recommended that Casey Coleman, GSA’s chief information officer, enhance management, operational and technical controls in each of these areas. Coleman said in a written response that she agreed with the recommendations.

The recommendations included implementing a comprehensive breach notification policy to protect sensitive information; more monitoring of GSA’s external Web sites to reduce associated risks; and updating policies and procedures to also cover minor applications.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.