Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Security Posture of the United States Coast Guard's Biometrics At Sea System Needs Improvements

Executive Summary

The United States Coast Guard (USCG) operates the Biometrics at Sea System (BASS) to collect biometric data from interdicted aliens. The biometrics are sent to the Department of Homeland Security’s (DHS) Automated Biometric Identification System (IDENT) to identify potential persons of interest, including suspected terrorists. We audited BASS interface with IDENT, security roles and responsibilities, and change control management. We determined that USCG did not have a routine reconciliation process to ensure that all biometrics that it captured on the 23 cutters are maintained in IDENT. Not ensuring reconciliation between the total biometrics USCG submitted and the number stored in IDENT may impede future identification of suspected terrorists, aggravated felons, or other individuals of interest. USCG also allowed application programmers with unrestricted system access to share passwords. The control weakness may result in individuals making unauthorized changes to the system without detection. Further, we determined that the authorization for the transition from the 2-fingerprint to 10-fingerprint application system was not properly documented and security documentation had not been updated. Without a proper authorization process, USCG could not provide assurance that senior executives approved the change prior to implementation.

Report Number
OIG-15-41
Issue Date
Document File
DHS Agency
Oversight Area
Fiscal Year
2015