The Department of Homeland Security’s Office of Inspector General released a report on Monday evaluating DHS’ Information Security Program. According to the executive summary, the report identified a number of issues that concerned Sen. Tom Coburn (R-OK), ranking member of the Senate Homeland Security and Governmental Affairs Committee.
The breaches listed were:
(1) systems are being operated without authority to operate; (2) plans of action and milestones are not being created for all known information security weaknesses or mitigated in a timely manner; and (3) baseline security configuration settings are not being implemented for all systems. Additional information security program areas that need improvement include incident detection and analysis, specialized training, account and identity management, and contingency planning. Finally, the Department still needs to consolidate all of its external connections, and complete the implementation of personal identity verification compliant logical access on its information systems and networks.