IG cites ongoing flaws in State's security

The State Department's systems security remains weak a year after the department's inspector general identified serious flaws, the IG reported recently.

As part of an annual review mandated by the Government Information Security Reform Act, the IG found that although State has a plan for certifying and accrediting its systems' security, it has set no timetable for implementing the plan.

But other officials called the security of State systems 'solid' in a statement responding to a reporter's questions.

'State has a strong program that includes intrusion detection systems deployed throughout the global infrastructure, enhanced firewalls and routers, a rigorous antivirus program and independent, periodic penetration testing,' the department said.

IT officials said some of the problems identified by the IG resulted from differences in how the department and IG defined GISRA terms. The department is taking steps to bolster its systems security, including establishing a new security office and seeking additional funds, State said.

Department officials had certified and accredited 4 percent of systems by August, the IG report said. Even though 72 percent of the department's 358 systems contain some level of classified information, only 15 percent have security plans, the report said.

State said it had a provisional plan for certifying all its systems on a three-year cycle.
The IG also said that information security officers at overseas posts 'generally were not performing all the requisite duties.'

Of 11 posts visited by auditors, none had information security plans, said the report.

The department said it had assigned security duties to officers at the posts, but the shortage of IT professionals made completing the tasks difficult. The department said it soon would appoint regional systems officers to oversee multiple smaller posts.

State also said it had established a new Office of Information Assurance to ensure that security measures are considered from a systems project's beginning.

The IG's report said the audit team will make recommendations for improving security at the department.


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected