Transportation must improve systems security reviews, IG says

The Transportation Department needs to do a better job assessing systems for security weaknesses, according to a new report from the DOT inspector general.

Although 'DOT has made significant progress,' issues remain in assuring that the department is finding and fixing problems, said Alexis Stefani, principal assistant inspector general for auditing and evaluation, in the report.

The Federal Information Security Management Act requires that the department review the security of all its systems, report on its findings, set fix-it plans and then certify systems as secure.

The quality of security certification reviews needs to be improved, the IG concluded, making special note of the need for more stringent reviews and the creation of backup plans for the Federal Aviation Administration system.

The audit team found inadequate assessments of systems risks, a lack of evidence that tests were performed, incomplete presentation of remaining weaknesses and little follow-up to assure that problems were being fixed.

Additionally, the report called for the CIO office and Transportation agencies to better coordinate IT budget requests so the requests clearly detail how DOT plans to use funds. The report noted that Transportation is consolidating systems in 11 business areas, doing away with redundant systems for separate agencies and organizations within the department. But agencies historically have made their own IT investment decisions and submitted separate budget requests.

The IG based its report on a review from July through September of systems that had cleared the security certification review process. The CIO's office agreed with the report's findings and recommendations.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
