Security weaknesses prevalent at Treasury's FMS

Systematic security weaknesses at the Treasury Department's Financial Management Service could leave the billions of dollars collected and paid out by the organization open to fraud, according to the General Accounting Office.

The weaknesses stem from the lack of a centralized enterprise security management plan, despite a 1998 GAO report that pointed out the need for one. In this year's audit, GAO found that FMS had taken action to improve security. But three of the seven FMS centers have made little or no progress, and the most recent audit found new weaknesses, the report stated.

Weakness include poor access control that leaves systems open to unauthorized users, and inadequate software development control that opens applications to poorly written code and back doors. FMS also is moving to a new distributed computing environment that could further increase the security risks, GAO said.