We evaluated the Department of Homeland Security’s (DHS) enterprise-wide security program for Top Secret/Sensitive Compartmented Information intelligence systems. Pursuant to the Federal Information Security Management Act, we reviewed the Department’s security program including its policies, procedures, and system security controls for enterprise-wide intelligence systems. In doing so, we assessed the Department’s continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, plans of actions and milestones, contingency planning, and security capital planning. As of May 2012, the United States Coast Guard (USCG) authorizing official assumed oversight for USCG's shore-side intelligence systems from Office of Intelligence and Analysis (I&A). USCG is migrating its Coast Guard Intelligence Support System to a multi-authorizing official structure including DHS, USCG, and Defense Intelligence Agency.
Review of DHS' Information Security Program for Intelligence Systems for Fiscal Year 2013