Transportation must improve systems security reviews, IG says

Transportation must improve systems security reviews, IG says

The Transportation Department needs to do a better job assessing systems for security weaknesses, according to a new report from the DOT inspector general.

Although 'DOT has made significant progress,' issues remain in assuring that the department is finding and fixing problems, said Alexis Stefani, principal assistant inspector general for auditing and evaluation, in the report.

The Federal Information Security Management Act requires that the department review the security of all its systems, report on its findings, set fix-it plans and then certify systems as secure.

The quality of security certification reviews needs to be improved, the IG concluded, making special note of the need for more stringent reviews and the creation of backup plans for the Federal Aviation Administration system.

The audit team found inadequate assessments of systems risks, a lack of evidence that tests were performed, incomplete presentation of remaining weaknesses and little follow-up to assure that problems were being fixed.

Additionally, the report called for the CIO office and Transportation agencies to better coordinate IT budget requests so the requests clearly detail how DOT plans to use funds. The report noted that Transportation is consolidating systems in 11 business areas, doing away with redundant systems for separate agencies and organizations within the department. But agencies historically have made their own IT investment decisions and submitted separate budget requests.

The IG based its report on a review from July through September of systems that had cleared the security certification review process. The CIO's office agreed with the report's findings and recommendations.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected