Official website of the Department of Homeland Security

FISMA

  • Evaluation of DHS' Information Security Program for Fiscal Year 2018

    Executive Summary

    DHS’ information security program was effective for fiscal year 2018 because the Department earned the targeted maturity rating, “Managed and Measurable” (Level 4) in four of five functions, as compared to last year’s lower overall rating, “Consistently Implemented” (Level 3). We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training. By addressing the remaining deficiencies, DHS can further improve its security program, ensuring its systems adequately protect the critical and sensitive data they store and process.

    Report Number: OIG-19-60
    Fiscal Year: 2019
  • (U) Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems for Fiscal Year 2018

    Executive Summary

    We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.

    We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.

    Report Number: OIG-19-34-UNSUM
    Fiscal Year: 2019
  • Fiscal Year 2017 Evaluation of DHS' Compliance with Federal Information Security Modernization Act Requirements for Intelligence Systems

    Executive Summary

    Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.

    Report Number: OIG-18-59
    Fiscal Year: 2018
  • Evaluation of DHS' Information Security Program for Fiscal Year 2016

    Executive Summary

    Despite the progress made, Components were not consistently following DHS’ policies and procedures to maintain current or complete information on remediating security weaknesses timely. Components operated 79 unclassified systems with expired authorities to operate. Further, Components had not consolidated all internet traffic behind the Department’s trusted internet connections and continued to use unsupported operating systems that may expose DHS data to unnecessary risks. Our review identified deficiencies related to configuration management and continuous monitoring. We made four recommendations to the Chief Information Security Officer. The Department concurred with all four recommendations.

    Report Number: OIG-17-24
    Fiscal Year: 2017