IG: USDA monitoring system improves IT security

he Agriculture Department has taken numerous steps to heighten program managers’ awareness of the need to implement effective information security, the department’s Office of Inspector General said.

USDA's chief information officer has also improved oversight of information technology security, including establishing a system to monitor security controls, auditors wrote in a report released Oct. 20 that evaluated the department's compliance with the Federal Information Security Management Act in fiscal 2008.

However, more actions are needed to establish an effective security program, said Phyllis Fong, USDA's IG.

USDA’s most significant accomplishment was deploying a cybersecurity assessment and management system that the Justice Department developed for monitoring FISMA compliance, the report states. The system lets USDA identify common threats and vulnerabilities, supports a security control baseline to help achieve FISMA compliance, and tracks IT weaknesses by monitoring security controls, the report states.

“However, until this system is fully populated and the department’s policies and procedures are in place and are fully operational, IT will continue to be a material weakness,” the report states.

Although USDA has strengthened its IT security program, some improvements were not thorough and complete, including a computer systems inventory, security plans of actions and milestones, and the certification and accreditation of systems, the report states. The IG’s office recommends that USDA create a plan in cooperation with its 29 agencies that tackles each weakness in a systematic way.

To fix department weaknesses, the IG’s report states that USDA should:
* Finish encrypting all laptop PCs.
* Follow the National Institute of Standards and Technology’s security configuration checklist.
* Identify and report security incidents internally to USDA’s CIO and IG and externally to the U.S. Computer Emergency Readiness Team.
* Routinely apply software patches for known vulnerabilities.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.