Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 7 of 36
Shortfalls in executing the responsibilities for ensuring compliance with
the departmentwide information security program allowed the weaknesses
that we identified to occur. Although the Chief Information Security Officer
(CISO) has responsibility for overseeing DHS components' compliance
with key information security practices and controls, the primary means
for doing so, an enterprise management tool known as Trusted Agent
FISMA, has not been reliable. The DHS Office of the Inspector General
(OIG) identified weaknesses with this tool that make it unreliable for use in
overseeing the components' reported performance data on their
compliance with key information security activities. Specifically, the OIG
reported that the data are not comprehensively verified, there is no audit
trail capability, material weaknesses are not consistently reported or linked
to plans of actions and milestones, and plans of actions and milestones that
have been identified and documented are not current. Until DHS addresses
these weaknesses and fully implements a comprehensive, departmentwide
information security program, its ability to protect the confidentiality,
integrity and availability of its information and information systems will be
To assist DHS in fully implementing its program, we are making
recommendations to the Secretary of DHS to fully implement key
information security practices and controls and to establish milestones for
developing a comprehensive information systems inventory and for
verifying the department's reported performance data. In providing written
comments on a draft of this report, DHS generally agreed with the contents
of the report and described actions to implement its security program.
To address the challenge of responding to current and potential threats to
homeland security, one of the federal government's most significant
challenges, Congress passed, and the President signed, the Homeland
Security Act of 2002.[4] This act mandated the merger of 22 federal agencies
and organizations into DHS. Not since the creation of the Department of
Defense in 1947 has the federal government undertaken a transformation of
this magnitude. In March 2003, DHS assumed operational control of about
209,000 civilian and military positions from these 22 federal agencies and
organizations. Each of these agencies and organizations brought with it
management challenges, distinct missions, unique information technology
[4] Public Law 107-296 (November 25, 2002).
GAO-05-700 DHS Information Security
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/7/: accessed May 24, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.