Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 17 of 36
The following text was automatically extracted from the image on this page using optical character recognition software:
Weaknesses Place DHS's
Operations and Assets at
provides a framework for establishing a unified, departmentwide
information security program.
Although the CISO has made significant progress in developing and
documenting a departmentwide information security program, certain DHS
components have not yet fully implemented key information security
practices and controls as required by the program. We identified
weaknesses in information security documentation for the three major
applications and three general support systems that we selected for review
that place DHS's operations and assets at risk. Among other things, DHS's
program requires the components to maintain information security
documentation in accordance with FISMA requirements, OMB policies, and
applicable NIST guidance. However, we identified that risk assessments
were not complete, security plans lacked required elements, test and
evaluation of security controls were either not comprehensive or not
performed, plans of action and milestones lacked required elements, and
continuity of operations plans were not complete, lacked required
elements, or had not been tested. In addition, DHS had not yet fully
developed a complete and accurate information systems inventory. As a
result of these weaknesses, DHS's ability to protect the confidentiality,
integrity, and availability of its information and information systems was
GAO-05-700 DHS Information Security
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/17/: accessed May 24, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.