Submitting OIG:
Report Description:
We found that the Department and FSA made progress in strengthening its information security programs; however, weaknesses remained and the Department-wide information systems continued to be vulnerable to security threats. Specifically, we found that the Department was not generally effective in 4 of the 10 security areas reviewed—continuous monitoring, configuration management, incident response and reporting, and remote access management. Although we determined that the Department’s and FSA’s information technology security programs were generally effective in key aspects of three metric areas—risk management, security training, and contingency planning—we also noted that improvements were still needed in these areas. For the Department and FSA’s plan of action and milestones process, we
determined that if implemented as intended, it should be effective. We also determined that the Department’s identity and access
management programs and practices would be generally effective if implemented properly but that the Department’s controls over
access to FSA’s mainframe environment need improvement.
Date Issued:
Friday, November 13, 2015
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A11P0001
Component, if applicable:
Office of Chief Information Officer
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
26
View Document:
Attachment | Size |
---|---|
a11p0001.pdf | 3.51 MB |
Additional Details Link: