IG Gives DHS Intel System Clean Bill of Health, of SortsIntel Program Deemed Effective, But IG Raises Some Concerns
DHS's inspector general, in a declassified version of an audit released Wednesday, said the department maintains an effective, enterprisewide information management program for its intelligence systems by developing information security procedures and implementing effective security controls.
But like most IG and Government Accountability Office audits, there's a but in the findings. According to the IG, management oversight and operational issues remain regarding the effectiveness of the program:
"Concerns with system certification and accreditation documentation and the implementation of a formal information system security training and awareness program for intelligence personnel still exist. Further, because the Intelligence and Analysis Office is now responsible for the U.S. Coast Guard intelligence systems reporting, the office should continue to provide management oversight to ensure that the U.S. Coast Guard maintains an effective information technology security program and complies with FISMA and DHS requirements."
Being an unclassified summary on a classified audit report, the IG did not provide specifics.
The IG reviewed enterprisewide security program and practices for its Top Secret/Sensitive Compartmented Information intelligence systems as part of its regular review required by the Federal Information Security Management Act. Specifically, the IG examined DHS's security management, implementation and evaluation of its intelligence activities, including its policies, procedures, and system security controls for enterprisewide intelligence systems. It assessed the department's plan of action and milestones, certification and accreditation, privacy and incident reporting processes, as well as its security training and awareness program.