DOT OIG Audit: Information Security Program at the Department of Transportation

DOT OIG Audit – Information Security Program at the Department of Transportation, October 10, 2007, Project ID: FI-2008-001

“Summary: On October 10, 2007, we issued our final report on the annual audit of the Department of Transportation’s Information Security Program as required by the Federal Information Security Management Act (FISMA). FY 2007 was a particularly challenging year for the Department in managing its IT resources. In addition to establishing a common IT infrastructure for the new Headquarters, it had to review, test, and certify security protection in more than half of its information systems to meet the recertification requirement.
While the Department has completed most of the scheduled security recertification reviews, the overall effectiveness of its information security program declined this year because management had to divert resources and attention to resolving Headquarters move-related issues. Specifically, management did not meet Government security standards to protect information systems and did not take sufficient action to correct identified security deficiencies. We also found that commercial software products used in departmental systems were not configured in accordance with security standards and security incidents were incompletely and/or inaccurately reported.”

Facebook Tweet LinkedIn

M	T	W	T	F	S	S
« Oct
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30