Pursuant to the Federal Information Security Modernization Act of 2014, we reviewed the Department’s security program, including its policies, procedures, and system security controls for the enterprise-wide intelligence system. Since our FY 2016 evaluation, the Office of Intelligence and Analysis (I&A) has continued to provide effective oversight of the department-wide intelligence system and has implemented programs to monitor ongoing security practices. In addition, the United States Coast Guard is in the process of migrating its intelligence users to a system that is jointly managed by the Defense Intelligence Agency and the National Geospatial Agency.
- Executive SummaryReport NumberOIG-18-59Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2018
- Executive Summary
Despite the progress made, Components were not consistently following DHS’ policies and procedures to maintain current or complete information on remediating security weaknesses timely. Components operated 79 unclassified systems with expired authorities to operate. Further, Components had not consolidated all internet traffic behind the Department’s trusted internet connections and continued to use unsupported operating systems that may expose DHS data to unnecessary risks. Our review identified deficiencies related to configuration management and continuous monitoring. We made four recommendations to the Chief Information Security Officer. The Department concurred with all four recommendations.Report NumberOIG-17-24Issue DateDocument FileDHS AgencyOversight AreaFiscal Year2017