Third-party auditors found several deficiencies in the Department of Labor’s (DoL) information security program and determined it was not effective. […]
Information security remains a prevalent concern for the State Department based on numerous previous recommendations regarding fundamental information technology-related issues that still require close attention, according to a recent agency Office of Inspector General (OIG) report.
The report assesses 107 unclassified, open OIG recommendations from 19 reports addressed to the Bureau of Information Resource Management (IRM) as of July 30, 2021. OIG found that IRM had addressed three of the 107 recommendations, which OIG closed: one duplicative recommendation related to risk management, one related to data protection and privacy, and one related to general IT policies. Additionally, OIG closed 14 recommendations in August 2021 as part of its normal compliance process.
However, the remaining 90 recommendations – 57 percent of which dated back to fiscal 2019 or earlier – remain relevant and require “close attention to close them,” the report read.
The largest share of the remaining recommendations involves configuration management of products and systems to ensure information security. The other unaddressed recommendations pertain to several areas, including risk management, IT investments, contingency planning, and shared services.
To facilitate closing the remaining recommendations addressed to IRM, OIG made two recommendations to Carol Perez, the agency’s under secretary for management. OIG recommended her office develop a method for periodically reviewing IRM’s efforts – and indicated that step has since been taken.
OIG also recommended that Perez’s office verify the plans of action and milestones (POA&M) that IRM has documented for all 90 recommendations. However, Perez disagreed with that recommendation, explaining that if the end goal is for IRM to resolve open recommendations, developing an individual action plan for each recommendation is “overly cumbersome.”
“IRM’s staff, time, and resources are better spent working on compliance-related activities, maintaining a high standard of day-to-day operations, and communicating directly with OIG,” Perez wrote in her response to OIG.
However, OIG argued that under guidance from the National Institute of Standards and Technology, agencies are required to develop a POA&M, and that Perez must submit a POA&M for the recommendation. […]
In a report by the Office of Inspector General (OIG) for the Department of State that identifies the agency’s most significant management and performance challenges, OIG identified information security and management as one of seven such challenges. […]
The Office of the Inspector General (OIG) at NASA blamed gaps in the agency’s information security program, missing contingency plans, and ineffective IT security handbooks for the agency’s Federal Information Security Modernization Act (FISMA) shortcomings in Fiscal Year 2019. […]
The Department of Education has implemented three priority open recommendations that were identified by the Government Accountability Office (GAO) in April 2019, including improving information security. […]
The Environmental Protection Agency (EPA) security posture needs improved resiliency in areas such as risk management and incident response to “preserve the integrity of EPA data,” according to a March 24 Office of the Inspector General (OIG) report. […]
The Federal Election Commission (FEC) lacks effective IT governance and struggles with internal cyber vulnerabilities, according to an FEC Office of Inspector General (OIG) report released on Nov. 19. […]
A report by the U.S. Consumer Product Safety Commission’s (CPSC) Office of Inspector General (OIG) found that CPSC is making progress in implementing Federal Information Security Modernization Act (FISMA) requirements, but still has more work to do in that area. […]
An Office of Inspector General (OIG) report released today says that one of the Federal Trade Commission’s (FTC) top management challenges is securing its information systems and networks from destruction, data loss, and compromise, based on an audit covering Fiscal Year 2018. […]
The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) identified an uptick in security gaps in the information security programs of the Centers for Medicare & Medicaid Services’ (CMS) Medicare administrative contractors (MACs) in fiscal year 2018, according to an OIG report released Aug. 23. […]
The Office of Management and Budget (OMB) needs to do more to help Federal agencies with Federal Information Security Modernization Act (FISMA) compliance, according to a recent Government Accountability Office (GAO) report. […]
The Government Accountability Office (GAO) uncovered a list of new information system security weaknesses at the IRS in a report released July 18. […]
The Environmental Protection Agency’s (EPA) Office of Inspector General has flagged cybersecurity and data management issues as top management challenges for the agency in FY2019 that need to be tackled. […]
The National Institute of Standards and Technology (NIST) is recruiting for talent to serve on its advisory boards, including the Information Security and Privacy Advisory Board (ISPAB), according to a notice posted in the Federal Register on April 10. […]
The Department of the Interior received 18 security-related recommendations in a KPMG Federal Information Security Modernization Act (FISMA) audit, which identified several information security risks across the agency. […]
The information security market will grow 8.7 percent, to $124 billion, in 2019, according to a forecast released today by research firm Gartner. […]
Addressing cybersecurity risks is a matter of continuous trial and error, according to Lori Carrig, chief of the Census Bureau’s Website Development and Operations Branch. She will be speaking at Akamai’s Government Forum on March 28. […]
The Department of Homeland Security continues to use unsupported operating systems that may expose agency data to unnecessary risks, according to a recent evaluation issued by DHS Office of Inspector General. […]
Department of Veterans Affairs CIO LaVerne Council has ordered VA CISO Brian Burns to “redirect his exclusive focus on VA’s role in the Interagency Program Office.” Council also tapped Ron Thompson to serve as interim VA CISO. … VA kicked off its 2016 Information Security and Privacy Awareness Week Speaker Series, but problems dogged the online chat and telephone dial-in. […]