Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 27 of 36
Scope and Methodology
To determine whether the Department of Homeland Security (DHS) had
developed and documented a departmentwide information security
program, we reviewed departmental information security plans, policies,
procedures, and handbooks; agencywide tools for aggregating the
components' performance data on their assessment of meeting the
requirements of the Federal Information Security Management Act of 2002
(FISMA); and DHS's information systems inventory methodology. We
assessed whether DHS's departmentwide information security program
was consistent with the requirements of FISMA and applicable Office of
Management and Budget (OMB) policies¹ and NIST guidance related to
performing risk assessments, developing information security plans,
testing and evaluating security controls, documenting remedial action
plans, and documenting and testing continuity of operations plans.
To determine whether DHS had implemented its departmentwide
information security program, we focused our review on the components'
alignment with key information security practices and controls. To
accomplish this, we selected seven DHS components, five of which DHS
categorizes as major agency components due to their size and mission. The
five components selected were: Customs and Border Protection,
Transportation Security Administration, Immigration and Customs
Enforcement, U.S. Coast Guard, and Emergency Preparedness and
Response. We also selected these five components because they had been
in existence prior to the transformation of DHS and, from an evaluation
standpoint, focused on determining their progress in aligning with and
implementing the departmentwide information security program given
these components had their own information technology management
structures, information security policies and practices, and infrastructures.
As a comparison, we selected one component, Science and Technology,
that had not existed prior to the transformation to evaluate its alignment
with and implementation of the departmentwide information security
program. We also selected the United States Visitor and Immigrant Status
Indicator Technology (US-VISIT) program due to its significant mission in
providing security to our nation's borders.
Based on their criticality to DHS's mission operations, we selected for
review three major applications and three general support systems and
obtained documentation contained in the certification and accreditation

¹Office of Management and Budget, Circular A-130, Appendix III, Security of Federal
Automated Information Resources (Washington, D.C.: Nov. 28, 2000).
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/27/: accessed May 26, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.