IG Questions DHS Execution of Active Directory

Audit Reveals Departmental Data at Risk of Unauthorized Access, Destruction

By , June 8, 2010.
IG Questions DHS Execution of Active Directory

A

See Also: Integrating the 3 R's of Data Protection to Reduce Risk

n audit of the Department of Homeland Security's Microsoft Windows Active Directory at its headquarters revealed that its implementation failed to fully comply with the department's security guidelines, and no mechanism was in place to ensure its level of security, DHS's inspector general said in a report made public Tuesday.

"These systems were added to the headquarters domain, from trusted components, before their security configurations were validated," the IG report said. "Allowing systems with existing security vulnerabilities into the headquarters domain puts department data at risk of unauthorized access, removal, or destruction."

The report also said DHS does not have a policy to verify the quality of security configuration on component systems that connect to headquarters. "Interconnection security agreements are present for each connection between headquarters and components to secure shared services; however, neither the agreements nor other policy define specific security controls required for connecting systems," the IG said. "Stronger management and technical controls are needed on trusted systems to protect data provided by the department's enterprise-wide applications."

The IG made three recommendations, and said that DHS has initiate actions to implement them.

Active Directory provides authentication services on a network, allowing system administrators to assign security policies, deploy software and apply critical software updates to the organization's Windows servers and workstations.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Congress Averts DHS Partial Shutdown

Congress, at the 11th hour, passed a bill to fund the Department of Homeland Security for the next...

Latest Tweets and Mentions

ARTICLE Congress Averts DHS Partial Shutdown

Congress, at the 11th hour, passed a bill to fund the Department of Homeland Security for the next...

The ISMG Network