Audit: CBP weak on IT security

Information technology security remains a significant deficiency at U.S. Customs and Border Protection but is no longer a material weakness, according to an independent audit released today by Homeland Security Department Inspector General Richard Skinner.

In a previous review in September 2007, audit firm KPMG noted a material weakness in entitywide security of CBP computer systems, including problems with system access controls,service continuity and software change management.

In the current audit, which took place in September 2008, KPMG auditors said CBP had corrected some of the shortcomings, and the material weakness was downgraded to a significant deficiency, which reflects a lower level of concern.

“Improvements were made to correct the material weakness; however, significant deficiencies remain in all areas noted during fiscal 2008,” the audit stated.

However, in both the 2007 and 2008 audits, CBP continued to be out of compliance with the Federal Information Security Management Act, which sets up requirements for reporting of IT security protocols and problems.

Although upgrades were made, CBP did not substantially comply with all categories of FISMA during fiscal 2008, the audit stated.

“Collectively, the IT control deficiencies limit CBP’s ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability,” the auditors wrote. However, due to the sensitive nature of the security issues identified, the auditors said they would issue a separate report on the details of their findings.

Overall, the auditors reported a material weakness in drawback of duties, taxes and fees, continued from 2007. There also were three other significant deficiencies reported in the CBP entry process for shipments. A previous deficiency regarding refunds for a dumping offset program was removed. CBP officials agreed with the audit.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected