Treasury IG will outsource FISMA reporting

Treasury IG will outsource FISMA reporting

Last year's creation of the Homeland Security Department slowed down reports mandated by the Federal Information Security Management Act for at least one Cabinet department, a congressional panel learned today.

The Treasury Department lost 70 percent of its inspector general's auditing staff to DHS, causing a three-month delay in the IG completing Treasury's FISMA report for the Office of Management and Budget.

IG Jeffrey Rush Jr. said his office now plans to outsource FISMA evaluations of non-national-security systems.

'We want to use contractors for most of our FISMA work,' he said, adding that he expects to continue the outsourcing for the foreseeable future.

Rush testified before the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

FISMA requires executive agencies to report their IT security status to OMB each September. The requirement includes an independent audit by each agency's IG or an independent third party.

Last March, Treasury transferred the Customs Service, Secret Service, Federal Law Enforcement Training Center, and part of the Bureau of Alcohol, Tobacco and Firearms to Homeland Security.

Rush said he had expected to lose about 35 percent of his auditing staff, but instead it fell from 165 people to 62. The IT auditing group dropped from 14 workers to five.

At the same time, Treasury faced an accelerated December deadline for its financial audit. The staff could not meet both deadlines, Rush said, so department chiefs decided to place the priority on the financial audit. The department made arrangements with OMB to submit the FISMA report in December.

As for the D security grade assigned to Treasury by the subcommittee last year, Rush laid much of the blame on long-troubled modernization efforts at the IRS, the largest bureau.

'The IRS' inability to accurately identify all of its systems really changed things' for the rest of the department, he said. But he acknowledged that security problems persist throughout Treasury.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group