Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 23 of 36
As of March 2005, DHS has completed the information systems inventory
for the OIG and the Transportation Security Administration and is
completing its efforts to implement the methodology at the Immigration
and Customs Enforcement. In response to the OIG's fiscal year 2004 FISMA
report, which reiterated its prior year recommendation that DHS develop a
complete and accurate systems inventory, DHS acknowledged that it needs
a complete and accurate systems inventory for all of its components in
order to effectively manage its program and ensure departmentwide
implementation. Subsequent to that report, DHS established a milestone of
August 5, 2005, for developing a complete DHS systems inventory. Until
DHS has a complete and accurate systems inventory, DHS will be inhibited
in its ability to oversee and manage the information and information
systems that support the operations and assets of the agency.

Shortfalls in executing the responsibilities for ensuring compliance with
the departmentwide information security program allowed the weaknesses
that we identified to occur. The CISO has responsibility for overseeing DHS
components' compliance with key information security practices and
controls. To fulfill this responsibility, the CISO developed and implemented
Trusted Agent FISMA[14] in order to aggregate the component's reported
performance data that arise from annual self-assessments and OMB
metrics for key information security activities, such as number of
significant deficiencies and whether remedial action plans to address the
deficiencies had been developed, and the number of system continuity of
operations plans documented and tested. Security officers at the
components are responsible for updating the tool with data that arise from
annual self-assessments, as well as from other system-level security
metrics. The security managers have the responsibility for ensuring that all
required metrics data are updated. These data are aggregated in the digital
dashboard[15] and reported to OMB for the department as a whole.

[14] Trusted Agent FISMA is an enterprise tool for aggregating data reported by the
components to gauge how well the department is complying with key information security
practices and controls.

[15] The digital dashboard is to serve as a management tool to ensure the components take a
risk-based, cost-effective approach to secure their information and information systems,
identify and resolve current information security weaknesses and risks, as well as protect
against future vulnerabilities and threats. The dashboard allows management to monitor the
components' remediation efforts to identify progress and problems. Each component's
success in meeting the FISMA requirements is reported as a percentage of compliance,
along with a red, amber, or green color-coded gauge or traffic light display.
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/23/: accessed May 24, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.