Export Compliance Daily is a Warren News publication.

DHS Found Deficient in Key Information Security Reporting Requirements

The Department of Homeland Security managed to strengthen its cybersecurity capabilities over the course of FY 2015 but failed to comply with multiple important information security requirements, said DHS’ Office of Inspector General in a report released Thursday. “Without addressing these deficiencies, the Department cannot ensure that its systems are properly secured to protect sensitive information stored and processed in them,” said the OIG. In particular, DHS failed to “include its classified system information as part of its information security scorecard” or as part of its Federal Information Security Modernization Act (FISMA) compliance submissions to the Office of Management and Budget, the OIG said. Some DHS agencies and offices “did not maintain their information security programs on a year-round, continuous basis” and the department’s enterprise management systems “lacked input validation controls to ensure accurate data was entered into the system,” the OIG said. DHS agreed with most recommendations from the OIG but said it didn’t concur with a recommendation that DHS strengthen its FISMA reporting process to ensure its classified system data was included on its FISMA compliance submissions to OMB. FISMA compliance reporting requirements for FY 2015 “do not require the submission of agency classified system data,” with a separate scorecard being used to report that information in case such scorecards need to be made classified documents, DHS said.