Transportation must improve systems security reviews, IG says

Transportation must improve systems security reviews, IG says

The Transportation Department needs to do a better job assessing systems for security weaknesses, according to a new report from the DOT inspector general.

Although 'DOT has made significant progress,' issues remain in assuring that the department is finding and fixing problems, said Alexis Stefani, principal assistant inspector general for auditing and evaluation, in the report.

The Federal Information Security Management Act requires that the department review the security of all its systems, report on its findings, set fix-it plans and then certify systems as secure.

The quality of security certification reviews needs to be improved, the IG concluded, making special note of the need for more stringent reviews and the creation of backup plans for the Federal Aviation Administration system.

The audit team found inadequate assessments of systems risks, a lack of evidence that tests were performed, incomplete presentation of remaining weaknesses and little follow-up to assure that problems were being fixed.

Additionally, the report called for the CIO office and Transportation agencies to better coordinate IT budget requests so the requests clearly detail how DOT plans to use funds. The report noted that Transportation is consolidating systems in 11 business areas, doing away with redundant systems for separate agencies and organizations within the department. But agencies historically have made their own IT investment decisions and submitted separate budget requests.

The IG based its report on a review from July through September of systems that had cleared the security certification review process. The CIO's office agreed with the report's findings and recommendations.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected