Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 28 of 36
The following text was automatically extracted from the image on this page using optical character recognition software:
Scope and Methodology
packages for the selected systems to assess the extent to which the
components implemented key information security practices and controls.
Certification is a comprehensive process of assessing the level of security
risk, identifying security controls needed to reduce risk and maintain it at
an acceptable level, documenting security controls in a security plan, and
testing controls to ensure they operate as intended. Accreditation is a
written decision by an agency management official authorizing operation of
a particular information system or group of systems. Specifically, we
reviewed and analyzed information security plans, risk assessments,
information security test and evaluation reports, remedial action plans, and
continuity of operations plans for the selected systems. We compared the
components' documented practices and controls for these information
security areas with applicable FISMA requirements, OMB guidance, and
applicable NIST guidance.
To supplement our documentation reviews and analysis, we reviewed and
considered various audit reports from the CIO and OIG evaluations of
DHS's information security program, including DHS's and OIG's annual
FISMA reports from 2003 and 2004.
We performed our review at DHS headquarters, the offices of the seven
components, and at our headquarters in the Washington, D.C., metropolitan
area; and at DHS's network and security operations center in Denver,
Colorado, from July 2004 through May 2005. Our review was performed in
accordance with generally accepted government auditing standards.
GAO-05-700 DHS Information Security
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/28/: accessed May 20, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.