An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Education
The U.S. Department of Education’s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013
Our FY 2013 FISMA review found that the Department had made progress in remediating issues identified in previous FISMA reviews. Specifically, it complied with 4 of the 11 reporting metrics: continuous monitoring, plan of action and milestones, contractor systems, and security capital planning. However, we found deficiencies with the remaining seven reporting metrics—configuration management, identity and access management, incident response and reporting, risk management, security training, remote access management, and contingency planning—many of which were repeat or modified findings from OIG reports issued over the last several years. Without adequate management, operational, and technical security controls in place, the Department’s systems and information are vulnerable to attacks that could lead to a loss of confidentiality and to a loss of integrity resulting from data modification or limited availability of systems. In addition to reiterating recommendations made in our FY 2012 FISMA report, we made 23 new recommendations to help the Department establish and sustain an effective information security program that complies with FISMA, Office of Management and Budget, and National Institute of Science and Technology requirements.
This is a publication by GAO's Inspector General that concerns internal GAO operations. The report summarizes the activities of the Office of the Inspector General (OIG) for the second reporting period of fiscal year 2013.
The Reports Consolidation Act of 2000 requires the U.S. Department of Education (Department), Office of Inspector General to identify and report annually on the most serious management challenges the Department faces. The Government Performance and Results Modernization Act of 2010 requires the Department to include in its agency performance plan information on its planned actions, including performance goals,indicators, and milestones, to address these challenges. To identify management challenges, we routinely examine past audit, inspection, and investigative work, as well as issued reports where corrective actions have yet to be taken; assess ongoing audit, inspection, and investigative work to identify significant vulnerabilities; and analyze new programs and activities that could post significant challenges because of their breadth and complexity. Last year, we presented four management challenges: improper payments, information technology security, oversight and monitoring, and data quality and reporting. While the Department remains committed to addressing these areas and has taken or plans action to correct many of their underlying causes, each remains as a management challenge for fiscal year 2014. We also added a new challenge related to the Department’s information technology system development and implementation.
