Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 22 of 36
The following text was automatically extracted from the image on this page using optical character recognition software:
is essential to determining whether plans will function as intended in an
For all five of the continuity of operations plans reviewed, program
officials either did not include all information necessary to restore
operations in the event of a disaster or did not have a documented plan. For
example, the continuity of operations plans for an Immigration and
Customs Enforcement general support system and a major application
lacked critical information such as the activities necessary to return to
normal operations, personnel contact information, locations of associated
telecommunications infrastructure, location of off-site storage for backup
media, and vendor contact information. Further, program officials did not
have continuity of operations plans for a Transportation Security
Administration major application and general support system. The OIG
also reported deficiencies in DHS's continuity of operations plans.
Specifically, the OIG performed a quality review of selected certification
and accreditation packages and found instances where continuity of
operations plans did not meet all of the applicable requirements. Further,
the OIG identified instances in which systems were accredited even though
continuity of operations plans had not been developed or tested. Moreover,
in its FISMA report to OMB for fiscal year 2004, DHS had reported that 79
percent of its systems did not have a tested continuity of operations plan.
As a result, the department has limited assurance that it will be able to
protect its critical and sensitive information and information systems and
resume operations promptly when unexpected events or unplanned
DHS Does Not Have a Complete and Accurate Information Systems Inventory
FISMA requires agencies to develop, maintain, and annually update an
inventory of information systems that are either operated by the agency or
under its control. The inventory is to identify the interfaces between each
system and all the other systems or networks with which it communicates,
including those that are not operated by or under the control of DHS.
In December 2004, the DHS CISO approved a departmentwide information
systems inventory methodology that its contractor developed and has
begun implementing it across the department. Our assessment of the
methodology determined that it is appropriately based on the requirements
of FISMA, OMB policies, and applicable NIST guidance and standards and,
if fully implemented, could provide the department with a comprehensive
inventory of its information systems.
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/22/: accessed May 22, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.