Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 25 of 36
documenting such a program has merit. However, ensuring that the
components implement key information security practices and controls,
especially with a department as diverse as DHS, requires effective
management oversight and monitoring. Having a complete and accurate
information systems inventory and a process in place to verify the
components' data on their implementation of the key information security
practices and controls is needed for DHS to effectively implement its
information security program. However, until it does so, DHS will have
limited assurance that its operations and assets are adequately protected.
To help fully implement DHS's departmentwide information security
program, we recommend that the Secretary of DHS direct the Chief
Information Officer to
* instruct the CISO and component agencies to fully implement the
following key information security practices and controls by
    * developing complete risk assessments;
    * documenting comprehensive security plans;
    * fully performing testing and evaluation of security controls;
    * reporting complete remedial action plans; and
    * developing, documenting, and testing continuity of operations plans.
* establish milestones for completing verification of the components'
reported performance data in Trusted Agent FISMA.
In providing written comments on a draft of this report, DHS's Chief
Information Security Officer generally agreed with the contents of the
report and described recently completed, ongoing or planned efforts to
implement the department's information security program. For example,
the Chief Information Security Officer stated that the agency has efforts
under way to improve processes for developing complete risk assessments;
documenting and updating security plans; verifying the results of annual
testing and evaluation of security controls; reporting complete remedial
action plans; and developing, documenting, and testing continuity of
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/25/: accessed May 20, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.