WASHINGTON, Oct. 19 (UPI) -- The U.S. Department of Homeland Security is not properly securing its computer systems, according to a new report from Inspector General Richard Skinner.
Although the department’s chief information security officer reported July 31 that 530 out of Homeland Security’s 603 operational systems had been certified as meeting information security requirements, the inspector general found that only 486 of those certifications could be considered valid.
“Systems are being accredited without key documents or missing key information,” reads the report, which says that security plans are not being created for known vulnerabilities, and when they are, their implementation is often not monitored.
The report blames department components -- many of which have legacy systems imported into the department when it was formed from the merger of nearly two dozen agencies, and most of which have their own chief information officers -- for not implementing department policy properly.
“Management oversight of the component’s implementation of the department’s policies and procedures needs to be improved to ensure the quality of the certification and accreditation process and that all information security weaknesses are tracked and remediated,” concludes the report.
