security audit

HHS tightens FISMA compliance, but risks remain

While the Department of Health and Human Services has made progress in compliance with the Federal Information Security Modernization Act, an audit released by the HHS Office of Inspector General found that the department has ample opportunities to further improve its security program.

Auditors found the agency has not fully implemented a department-wide continuous monitoring program that shows how its operating divisions implement strategies and report on cybersecurity metrics, according to an article on FCW, a sister site to GCN.

The IG report also identified operating divisions that were using IT systems with expired authority-to-operate certificates and some that were failing to regularly implement account management procedures for shared accounts and for new, transferred or terminated personnel. Other areas of weakness included lack of incident response and reporting procedures, incomplete inventories of contractor systems, failure of remote access policies, incomplete contingency planning documentation and ineffective contractor oversight.

The report’s recommendations suggest further work on vulnerability management, software assurance, information management, license management, malware detection and network management.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.
