Cloud

GSA IT is vulnerable, IG says

Shutterstock image (by wk1003mike): cloud system fracture.

In a semiannual report to Congress released Nov. 30, the General Services Administration's Office of Inspector General highlighted a series of IT vulnerabilities and challenges at the agency.

The IT notes are part of the report's broad account of the IG's fiscal 2015 activities: 161 investigations opened, 204 closed and recommendations to put $1.3 billion in funding to better use that fiscal year.

"GSA IT systems do not always use effective data models, business rule validation checks or data exchange specifications to ensure data quality," the report states. "Challenges exist because GSA systems often do not integrate with each other, resulting in duplication of business processes, cost inefficiencies and customer dissatisfaction."

In particular, the report cites integration problems with GSA's Authorized Leave and Overtime Help Application and the Electronic Time and Attendance Management System.

"Due to design weaknesses in the interface between the two systems, GSA does not have sufficient assurance that the leave balances for thousands of its employees are accurate," the report states, noting that thousands of employees have been affected by discrepancies.

The report also addresses outstanding "sensitive data access control vulnerabilities within GSA's cloud computing environment" that were first reported in October 2014.

The vulnerability details were restricted, but IG spokeswoman Sarah Breen said five of the IG's eight recommendations remained open as of early December, despite being due to be closed by Nov. 15.

"However, the final verification of the outstanding corrective actions is in process, and we expect it to be complete soon," she added.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.