Submitting OIG:
Report Description:
Our FY 2013 FISMA review found that the Department had made progress in remediating issues identified in previous FISMA reviews. Specifically, it complied with 4 of the 11 reporting metrics: continuous monitoring, plan of action and milestones, contractor systems, and security capital planning. However, we found deficiencies with the remaining seven reporting metrics—configuration management, identity and access management, incident response and reporting, risk management, security training, remote access management, and contingency planning—many of which were repeat or modified findings from OIG reports issued over the last several years. Without adequate management, operational, and technical security controls in place, the Department’s systems and information are vulnerable to attacks that could lead to a loss of confidentiality and to a loss of integrity resulting from data modification or limited availability of systems. In addition to reiterating recommendations made in our FY 2012 FISMA report, we made 23 new recommendations to help the Department establish and sustain an effective information security program that complies with FISMA, Office of Management and Budget, and National Institute of Science and Technology requirements.
Date Issued:
Wednesday, November 13, 2013
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A11N0001
Component, if applicable:
Office of Chief Information Officer
Location(s):
United States
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
21
View Document:
| Attachment | Size |
|---|---|
| a11n0001.pdf | 2.59 MB |
Additional Details Link: