US flag signifying that this is a United States Federal Government website Official website of the Department of Homeland Security

Evaluation of DHS' Information Security Program for Fiscal Year 2016

Executive Summary

Despite the progress made, Components were not consistently following DHS’ policies and procedures to maintain current or complete information on remediating security weaknesses timely. Components operated 79 unclassified systems with expired authorities to operate.  Further, Components had not consolidated all internet traffic behind the Department’s trusted internet connections and continued to use unsupported operating systems that may expose DHS data to unnecessary risks.  Our review identified deficiencies related to configuration management and continuous monitoring. We made four recommendations to the Chief Information Security Officer.  The Department concurred with all four recommendations.

Report Number
OIG-17-24
Issue Date
Document File
DHS Agency
Oversight Area
Keywords
Fiscal Year
2017

Would you like to take a brief survey regarding our site?