Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 29 of 36
The following text was automatically extracted from the image on this page using optical character recognition software:
Comments from the Department of Homeland
Washington, DC 20528
June 13, 2005
Mr. Gregory C. Wilshusen
Director, Information Security Issues
U.S. Government Accountability Office
Subject: Response to June 2005 GAO Information Security Report (GAO-05-700)
Thank you for the opportunity to provide comments on your draft review of the
Department of Homeland Security (DHS) Information Security Program. We appreciate
that the draft report acknowledges the progress that DHS has made in implementing its
Information Security Program and the management challenges that the Department faces
as it continues to merge the information security programs of the 22 legacy agencies.
As noted in your report, "the Chief Information Security Officer (CISO) has made
significant progress in developing and documenting a department-wide information
security program." We continually strive to improve and enhance the program based on
suggestions from our stakeholders, the lessons learned in the past two years, and
emerging needs of our customers. Our efforts are aimed at supporting the program's
mission to ensure that DHS has a secure and trusted computing environment based on
sound risk management principles that enables the Department to effectively share
information in support of its mission.
However, we have accomplished more than document a department-wide information
security program. We are, in fact, investing significant resources in program
implementation. Central to that is an ongoing effort to complete a Department-wide
systems and applications inventory. We are scheduled to be completed in early August
of this year, and we will then have a comprehensive and consistent baseline for program
management and compliance in the future. We have also completed a successful pilot of the
DHS Enterprise Certification and Accreditation (C&A) Tool, and that tool was fully
functional as an enterprise application on April 11th. The tool provides the capabilities to
resolve issues with the Security Plans, Testing and Evaluation, and Continuity of
Operations. The tool automates many critical C&A activities and will standardize the
content and format of security accreditation packages. Department policy mandates the
use of the C&A Tool for all new accreditation packages.
From April 11th through June 1, 335 new accreditation packages were initiated in the
DHS C&A Tool. The CISO is funding numerous training classes to familiarize users
with the tool features. In addition, the tool vendor is providing one-on-one assistance to
the Component Information Security System Managers (ISSMs) and their staff to resolve
implementation issues and to customize the tool to incorporate Component specific
baseline security requirements.
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/29/: accessed May 25, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.