The Office of Inspector General (OIG) has evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems.
Pursuant to the Federal Information Security Modernization Act of 2014 (FISMA), OIG reviewed the Department’s security program and system security controls for the enterprise-wide intelligence system.
OIG found that the Office of Intelligence and Analysis has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices.
The watchdog determined that DHS’ information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems.
However, OIG identified deficiencies in DHS’ patch management process. In addition, OIG said in its unclassified summary that the United States Coast Guard could not ensure all of its intelligence users received the required security awareness training.
DHS concurred with both recommendations to address these shortcomings.