Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 16 of 36
The following text was automatically extracted from the image on this page using optical character recognition software:
DHS Has Developed
and Documented an
Since DHS became operational in March 2003, the CISO has developed and
documented departmental policies and procedures that could provide a
framework for implementing an agencywide information security program;
however, certain DHS components had not yet fully implemented key
information security practices and controls, as required by the program.
The CISO has taken several actions to develop and document a
departmentwide information security program. These actions include
* development, documentation, and dissemination of DHS information
security policies and procedures, strategic program plans, risk
management plans, and a management directive and handbook for the
components' use in implementing the requirements of the program;
* establishment of Information System Security Managers and
Information System Security Officers positions to implement DHS's
information security program departmentwide;
* documentation and issuance of specific guides to assist security
managers and security officers in aligning their individual components'
information security programs with the department's program;
* development of Trusted Agent FISMA and a digital dashboard as tools to
aggregate and report component and department level data for
enterprise management and oversight of the departmentwide
information security program; Trusted Agent FISMA is an enterprise
compliance and oversight tool that manages the collection and reporting
of the components' information associated with key information
security practices and controls, and the digital dashboard aggregates the
data collected in Trusted Agent FISMA and is used as a visual tool using
a traffic light display to gauge the progress of the departmentwide
information security program; and
* development and documentation of a departmentwide systems
inventory methodology that is designed to be used to develop, maintain,
and annually update an inventory of information systems operated by
the department or under its control.
In addition, as part of the department's efforts to develop and document a
departmentwide information security program, the CISO finalized the
Information Security Program Strategic Plan in April 2004, which
GAO-05-700 DHS Information Security
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/16/: accessed May 23, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.