GAO: Secure Flight improved IT security

TSA has met most of Congress' requirements for Secure Flight

The Transportation Security Administration took action between January and April to meet Congress’ requirements for information security and privacy controls for its Secure Flight passenger watch list screening system, according to a new report from the Government Accountability Office.

“As of April 2009, TSA had generally achieved nine of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved one condition,” the GAO report posted on the Web today said.

Under Secure Flight, TSA officials are to screen airline passengers against watch lists of suspected terrorists. Since the 2001 terrorist attacks, commercial airlines have handled those duties for domestic flights while Secure Flight has been in development.

Congress last year established 10 conditions for the TSA to meet as it completed development of the program, including conditions for accuracy, redress, oversight, privacy, life-cycle cost estimates and information security. The agency certified in September 2008 that it had met the 10 conditions.

However, GAO's auditors reported this January that the TSA had met only five of the conditions. Requirements for information security and privacy were among the conditions that remained incomplete then.

In a follow-up review this April, GAO said nine of the 10 conditions had been met, including conditions for information security and privacy.

The GAO said the TSA since January has corrected deficiencies in information security. By March 20, the TSA had fixed all 60 high- and moderate-risk information security vulnerabilities associated with the final version of Secure Flight, the report states.

TSA met the requirement related to privacy by March 31, GAO also said.

However, to date the agency has only partially met a requirement to develop appropriate life-cycle cost estimates, expenditure plans, budgets and schedules for Secure Flight, the report states.

In late January 2009, TSA began to operate Secure Flight for a limited number of domestic flights for one airline. Secure Flight will be operating watch-list matching functions for all domestic flights by March 2010 and will begin assuming those duties for international flights at that time, GAO noted.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.