Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 33 of 36
The following text was automatically extracted from the image on this page using optical character recognition software:
Comments from the Department of Homeland
In order to ensure that all Components identify critical and sensitive information DHS, in
March 2005, the CISO began distributing an Information Security Categorization
Workbook. This workbook can be used for identifying the FIPS 199 security
categorizations (e.g., High, Medium, and Low for Confidentiality, Integrity, and
Identification of critical and sensitive DHS information is an important first step in
solving the contingency plan issues.
Conclusion and Path Forward
In conclusion, negative reviews of the DHS Information Security Program are a result of
the following pervasive institutional impediments:
* Inaccurate legacy organization inventories
* IT systems fielded by mission owners outside the purview of the CIO
* Inadequate certification and accreditation (C&A) of information systems
* Institutional resistance to new processes and procedures
* General lack of accountability for information security
The strategy the DHS CISO team is implementing to overcome these impediments to
program implementation is illustrated below. This strategy builds on the successful
initiatives that were implemented in Fiscal Year 2004.
[Figure: timeline of the DHS CISO strategy, beginning 4/05. Recoverable stage labels: Processes and Tools (enterprise FISMA reporting and C&A tool); Program Accountability (metrics using digital dashboard); C&A Inventory (inventory all systems and applications); C&A Remediation (streamlined C&A techniques piloted at TSA and CBP); Component assistance visits to initiate system certifications; Component system accreditations completed.]
Processes and Tools: Two enterprise, web-based, security management tools are
operational and are intended to reduce the cost of security management activities. A
FISMA reporting tool, Trusted Agent FISMA, automates the POA&M process, annual
test and evaluation, inventory management, and FISMA report development.
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/33/: accessed May 19, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.