Web audit pings Army

DOD inspector general found operational plans, personal information on Army sites

An audit by the Defense Department's inspector general found that the Army's publicly accessible Web sites contained "inappropriate information" and recommends numerous steps the service should take to remedy the situation.

The audit, conducted from May 2001 through January of this year and released June 5, included findings from DOD's Joint Web Risk Assessment Cell, in addition to DOD IG Web site reviews.

From June through August of last year, the joint cell identified 77 public Army sites that contained inappropriate information, including:

* 14 examples of operational plans.

* 4 cases of personal information.

* 48 instances of policies and procedures on military operations.

* 11 documents marked "For Official Use Only."

The IG examined Web site administration at the Army Forces Command, the Army Training and Doctrine Command (Tradoc) and 11 other organizations and found that "sites under the control of both commands — contained information prohibited by Army Web policy."

Examples included Forces Command sites containing birth dates, family information, personal e-mail addresses, new equipment fielded, exercise data or inappropriate links to commercial sites, and Tradoc sites with similar breaches, as well as inappropriate language.

Officials told the DOD IG that the information would be removed.

The report includes numerous recommendations for the Army chief information officer's office, including:

* Require major commands to document periodic policy compliance reviews of publicly accessible Web sites, report those findings to the CIO and establish a follow-up system to resolve discrepancies identified.

* Coordinate with Tradoc to establish a training requirement and curriculum for Army Web administrators and require that administration personnel be trained before being assigned Web duties.

The Army's director of enterprise integration, Miriam Browning, responded on behalf of the service, although the report does not identify her by name, referring only to her title and to responses from "the director" or "she."

Browning partially concurred with the recommendation that commands periodically review their public sites but said it was unnecessary for major commands to report results of those reviews to the CIO.

Instead, she advocated that report submissions go "through the chain of command from organizations that have been notified of specific violations on their Web sites — the requirement of ad hoc reporting to the [CIO] on the violations that have been identified would be continued."

Browning generally agreed with the other recommendations.

The DOD IG released a report with similar findings on the Air Force earlier this year, although in the Army report it commended the Air Force's Web training program as a "lesson learned."
