Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 18 of 36
Table 1 indicates with an "X" where we found weaknesses in selected
components' information security practices and controls.
Table 1: Weaknesses in DHS Selected Components' Information Security Practices and Controls
DHS system | DHS component | Risk assessment | Security plan | Security test and evaluation | Remedial action plans | Continuity of operations
Major application US-VISIT n/a Xa n/a n/a n/a
Major application ICE X X X
Major application TSA X X X
General support ICE X X X
General support TSA X X X X
General support EP&R X X X X
Source: GAO analysis of information security documentation for United States and Immigrant Status Indicator Technology (US-VISIT),
Immigration and Customs Enforcement (ICE), Transportation Security Administration (TSA), and Emergency Preparedness and
Response (EP&R) systems.
a For each system, we obtained and reviewed all documentation contained in the certification and
accreditation package - with the exception of US-VISIT - in this case, we reviewed only the security
Identifying and assessing information security risks are essential steps in
determining what controls are required and what level of resources should
be expended on controls. Moreover, by increasing awareness of risks, these
assessments generate support for the policies and controls that have been
adopted, which helps ensure that these policies and controls operate as
intended. FISMA requires agencies' information security programs to
include periodic assessments of the risk and magnitude of the harm that
could result from the unauthorized access, use, disclosure, disruption,
modification, or destruction of information and information systems that
support the operations and assets of the agency.
Risk assessments for three of the five systems were not complete. For
example, two general support systems, one at Transportation Security
Administration and one at Immigration and Customs Enforcement, had
risk assessment reports that were in draft and incomplete. In addition to
the weaknesses we identified, the OIG, as part of its fiscal year 2004 FISMA
evaluation, identified that risk assessments for selected DHS systems that
they reviewed were not current. Unless DHS performs periodic risk
assessments of its information systems, it will not have assurance that
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/18/: accessed May 20, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.