Deficiencies in the Department of Homeland Security’s (DHS) information security program for intelligence systems may put the department at risk, according to a recent audit by DHS’ Office of the Inspector General (OIG).
The auditors conducted the review to determine whether DHS’ information security program complied with the Federal Information Security Modernization Act (FISMA), which requires federal agencies to develop, document, and implement an information security program. An update to FISMA in 2014 confirmed the authority held by DHS to implement IT-related policies for non-national security federal executive branch systems.
According to a recently released unclassified summary of the audit, DHS OIG reviewed the program for continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, remote access management, contingency planning, and contractor systems.
DHS OIG found that the United States Coast Guard (USCG) has completed the migration of all its sites that process Top Secret/Sensitive Compartmented Information to the Department of Defense Intelligence Information System. However, USCG needs to enhance the working relationship with the Department Intelligence Agency to more completely outline oversight requirements for the Department of Defense Intelligence Information System areas which enhance its intelligence procedures.
Based upon the findings of the review, DHS OIG determined that DHS’ information security programs were not fully in compliance with FISMA, and therefore provided four recommendations to ensure the information systems that support DHS’ intelligence systems and assets are effective.
DHS concurred with the recommendations.