Audit: CBP weak on IT security

Information technology security remains a significant deficiency at U.S. Customs and Border Protection but is no longer a material weakness, according to an independent audit released today by Homeland Security Department Inspector General Richard Skinner.

In a previous review in September 2007, audit firm KPMG noted a material weakness in entitywide security of CBP computer systems, including problems with system access controls, service continuity and software change management.

In the current audit, which took place in September 2008, KPMG auditors said CBP had corrected some of the shortcomings, and the material weakness was downgraded to a significant deficiency, which reflects a lower level of concern.

“Improvements were made to correct the material weakness; however, significant deficiencies remain in all areas noted during fiscal 2008,” the audit stated.

However, in both the 2007 and 2008 audits, CBP continued to be out of compliance with the Federal Information Security Management Act, which sets up requirements for reporting of IT security protocols and problems.

Although upgrades were made, CBP did not substantially comply with all categories of FISMA during fiscal 2008, the audit stated.

“Collectively, the IT control deficiencies limit CBP’s ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability,” the auditors wrote. However, due to the sensitive nature of the security issues identified, the auditors said they would issue a separate report on the details of their findings.

Overall, the auditors reported a material weakness in drawback of duties, taxes and fees, continued from 2007. There also were three other significant deficiencies reported in the CBP entry process for shipments. A previous deficiency regarding refunds for a dumping offset program was removed. CBP officials agreed with the audit.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

