HHS tightens FISMA compliance, but risks remain
- By Amanda Ziadeh
- Mar 09, 2016
While the Department of Health and Human Services has made progress in compliance with the Federal Information Security Modernization Act, an audit released by the HHS Office of Inspector General found that the department has ample opportunities to further improve its security program.
Auditors found the agency has not fully implemented a department-wide continuous monitoring program that shows how its operating divisions implement strategies and report on cybersecurity metrics, according to an article on FCW, a sister site to GCN.
The IG report also identified operating divisions that were using IT systems with expired authority to operate certificates and some that were failing to regularly implement account management procedures for shared accounts and new, transferred or terminated personnel. Other areas of weakness included lack of incident response and reporting procedures, incomplete inventories of contractor systems, failure of remote access policies, incomplete contingency planning documentation and ineffective contractor oversight.
The report’s recommendations suggest further work on vulnerability management, software assurance, information management, license management, malware detection and network management.
About the Author
Amanda Ziadeh is a Reporter/Producer for GCN.
Prior to joining 1105 Media, Ziadeh was a contributing journalist for USA Today Travel's Experience Food and Wine site. She's also held a communications assistant position with the University of Maryland Office of the Comptroller, and has reported for the American Journalism Review, Capitol File Magazine and DC Magazine.
Ziadeh is a graduate of the University of Maryland where her emphasis was multimedia journalism and French studies.
Click here for previous articles by Ms. Ziadeh or connect with her on Twitter: @aziadeh610.