IG: GSA needs more effective data security

The General Services Administration lacks consistency in implementing security controls and doesn't have enough management oversight of its contractors as part of its information technology security program, the department’s inspector general has said. Those weaknesses prevent GSA from effectively identifying and managing risks for all its systems and data, the IG said in a recent report.

In addition to contractor oversight, GSA needs to improve the protection of sensitive information, the security of its publicly facing Web sites and controls for minor applications, Larry Bateman, director of GSA’s Information Technology Security Audit Services in the IT audit office, said in a report released Sept. 24.

For example, GSA has encrypted less than 1,800 of the 8,000 laptop computers it identified as needing that work two years after the Office of Management and Budget issued a memo that directed agencies to secure mobile data, the report said.

GSA has already incorporated security roles and responsibilities and guidance from the National Institute of Standard into department policies and procedures, he said. GSA also has taken initial steps to identify and reduce risks through security controls.

However, Bateman recommended that Casey Coleman, GSA’s chief information officer, enhance management, operational and technical controls in each of these areas. Coleman said in a written response that she agreed with the recommendations.

The recommendations included implementing a comprehensive breach notification policy to protect sensitive information; more monitoring of GSA’s external Web sites to reduce associated risks; and updating policies and procedures to also cover minor applications.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.