Cloud

GSA IT is vulnerable, IG says

Shutterstock image (by wk1003mike): cloud system fracture.

In a semiannual report to Congress released Nov. 30, the General Services Administration's Office of Inspector General highlighted a series of IT vulnerabilities and challenges at the agency.

The IT notes are part of the report's broad account of the IG's fiscal 2015 activities: 161 investigations opened, 204 closed and recommendations to put $1.3 billion in funding to better use that fiscal year.

"GSA IT systems do not always use effective data models, business rule validation checks or data exchange specifications to ensure data quality," the report states. "Challenges exist because GSA systems often do not integrate with each other, resulting in duplication of business processes, cost inefficiencies and customer dissatisfaction."

In particular, the report cites integration problems with GSA's Authorized Leave and Overtime Help Application and the Electronic Time and Attendance Management System.

"Due to design weaknesses in the interface between the two systems, GSA does not have sufficient assurance that the leave balances for thousands of its employees are accurate," the report states, noting that thousands of employees have been affected by discrepancies.

The report also addresses outstanding "sensitive data access control vulnerabilities within GSA's cloud computing environment" that were first reported in October 2014.

The vulnerability details were restricted, but IG spokeswoman Sarah Breen said five of the IG's eight recommendations remained open as of early December, despite being due to be closed by Nov. 15.

"However, the final verification of the outstanding corrective actions is in process, and we expect it to be complete soon," she added.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected