Despite the progress made, Components were not consistently following DHS’ policies and procedures to maintain current or complete information on remediating security weaknesses timely. Components operated 79 unclassified systems with expired authorities to operate. Further, Components had not consolidated all internet traffic behind the Department’s trusted internet connections and continued to use unsupported operating systems that may expose DHS data to unnecessary risks. Our review identified deficiencies related to configuration management and continuous monitoring. We made four recommendations to the Chief Information Security Officer. The Department concurred with all four recommendations.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.