GAO: Secure Flight improved IT security

TSA has met most of Congress' requirements for Secure Flight

The Transportation Security Administration took action between January and April to meet Congress’ requirements for information security and privacy controls for its Secure Flight passenger watch list screening system, according to a new report from the Government Accountability Office.

“As of April 2009, TSA had generally achieved nine of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved one condition,” the GAO report posted on the Web today said.

Under Secure Flight, TSA officials are to screen airline passengers against watch lists of suspected terrorists. Since the 2001 terrorist attacks, commercial airlines have handled those duties for domestic flights while Secure Flight has been in development.

Congress last year established 10 conditions for the TSA to meet as it completed development of the program, including conditions for accuracy, redress, oversight, privacy, life-cycle cost estimates and information security. The agency certified in September 2008 that it had met the 10 conditions.

However, GAO's auditors reported this January that the TSA had met only five of the conditions. Requirements for information security and privacy were among the conditions that remained incomplete then.

In a follow-up review this April, GAO said nine of the 10 conditions had been met, including conditions for information security and privacy.

The GAO said the TSA since January has corrected deficiencies in information security. By March 20, the TSA had fixed all 60 high- and moderate-risk information security vulnerabilities associated with the final version of Secure Flight, the report states.

TSA met the requirement related to privacy by March 31, GAO also said.

However, to date the agency has only partially met a requirement to develop appropriate life-cycle cost estimates, expenditure plans, budgets and schedules for Secure Flight, the report states.

In late January 2009, TSA began to operate Secure Flight for a limited number of domestic flights for one airline. Secure Flight will be operating watch-list matching functions for all domestic flights by March 2010 and will begin assuming those duties for international flights at that time, GAO noted.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.