Oversight

Census Bureau misses self-imposed deadline as it implements security fixes

Image from Shutterstock.

In early November 2015, Commerce Department CIO Steven Cooper told Congress the Census Bureau would close all 30 of its long-open Government Accountability Office actions by the end of the year.

Dec. 31 came and went, but Census has missed the target, according to the GAO monitor keeping tabs.

"The bureau did not meet its self-imposed goal," Carol Cha, GAO's director of information technology acquisition management issues, told FCW on Jan. 6.

The bureau told FCW it was working actively with GAO to address the recommendations, which stem from a January 2013 GAO report.

Cha said the status of the recommendations hadn't changed in the two months since the Nov. 3 hearing -- held jointly by the House Oversight and Government Reform Committee's Government Operations and Information Technology subcommittees -- in which Cooper made his pledge: 115 total recommendations, of which 66 are closed, 19 are under review and 30 are open.

Only one recommendation, advising leadership to "clearly document the Bureau's assessment of common controls for information systems before granting an authorization to operate," was made public; the rest were limited distribution.

Those security-related recommendations came two-and-a-half years before Census was hacked.

"[I]n general terms, many of them relate to strengthening weaknesses in identification and authentication (e.g., password controls, securing system accounts and access) and configuration management (e.g., patch management, outdated software)," Cha told FCW via email.

Agencies could enjoy cost savings and cybersecurity boosts, GAO emphasized in a blog post released this week, by closing open recommendations.

In a Jan. 8 statement, Census spokesman Michael Cook noted Census had responded to all 115 recommendations in April 2015 and was on track to close out everything. Of the 49 outstanding recommendations, Cook said Census had responded to 16 of them by Jan. 5, and 20 more are under review at GAO.

"Census Bureau is continuing to work with the GAO and has established a timeline to respond by the end of March [to the final 13 recommendations]," Cook said, emphasizing the slow, methodical process required to fully close GAO actions.

The pushed-back deadline on GAO's security and authorization recommendations comes at the beginning of a crucial year for the bureau, as it prepares for the 2020 enumeration of the U.S. population.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.