Audit: CBP weak on IT security

Information technology security remains a significant deficiency at U.S. Customs and Border Protection but is no longer a material weakness, according to an independent audit released today by Homeland Security Department Inspector General Richard Skinner.

In a previous review in September 2007, audit firm KPMG noted a material weakness in entitywide security of CBP computer systems, including problems with system access controls,service continuity and software change management.

In the current audit, which took place in September 2008, KPMG auditors said CBP had corrected some of the shortcomings, and the material weakness was downgraded to a significant deficiency, which reflects a lower level of concern.

“Improvements were made to correct the material weakness; however, significant deficiencies remain in all areas noted during fiscal 2008,” the audit stated.

However, in both the 2007 and 2008 audits, CBP continued to be out of compliance with the Federal Information Security Management Act, which sets up requirements for reporting of IT security protocols and problems.

Although upgrades were made, CBP did not substantially comply with all categories of FISMA during fiscal 2008, the audit stated.

“Collectively, the IT control deficiencies limit CBP’s ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability,” the auditors wrote. However, due to the sensitive nature of the security issues identified, the auditors said they would issue a separate report on the details of their findings.

Overall, the auditors reported a material weakness in drawback of duties, taxes and fees, continued from 2007. There also were three other significant deficiencies reported in the CBP entry process for shipments. A previous deficiency regarding refunds for a dumping offset program was removed. CBP officials agreed with the audit.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.