08.11.2012

Evaluation of Department of State Information Security Program ...

UNCLASSIFIED

Table of Contents

EXECUTIVE SUMMARY ..... 1

BACKGROUND ..... 6

RESULTS OF REVIEW ..... 7

A. RISK MANAGEMENT FRAMEWORK NEEDS IMPROVEMENT ..... 7

B. SECURITY CONFIGURATION MANAGEMENT NEEDS IMPROVEMENT ..... 11

C. INFORMATION SECURITY TRAINING REQUIREMENTS WERE NOT ENFORCED ..... 13

D. PLANS OF ACTION AND MILESTONES ARE NOT EFFECTIVE ..... 15

E. ACCOUNT MANAGEMENT PROCESSES IN ACTIVE DIRECTORY NEED TO BE IMPROVED ..... 17

F. THE USER PROVISIONING PROCESS FOR CREATING, MODIFYING, AND DISABLING USERS' ACCOUNTS REQUIRES SIGNIFICANT IMPROVEMENT ..... 19

G. CONTINUOUS MONITORING PROGRAM NEEDS TO BE IMPROVED ..... 21

H. THE CONTINUITY OF OPERATIONS PROGRAM NEEDS TO BE IMPROVED ..... 24

I. INFORMATION SYSTEM CONTINGENCY PLANS NEED TO BE IMPROVED ..... 26

J. OVERSIGHT OF CONTRACTOR SYSTEMS AND EXTENSIONS NEEDS IMPROVEMENT ..... 29

K. CAPITAL PLANNING REQUIRES IMPROVEMENT ..... 31

LIST OF CURRENT YEAR RECOMMENDATIONS ..... 36

APPENDIX A. OBJECTIVES, SCOPE, AND METHODOLOGY ..... 41

APPENDIX B. FOLLOWUP OF RECOMMENDATIONS FROM THE FY 2010 FISMA REPORT ..... 44

APPENDIX C. SYSTEMS WITH INVALID AUTHORITY TO OPERATE ..... 47

APPENDIX D. SYSTEMS WITH OUTDATED SECURITY BASELINE CONTROLS ..... 48

APPENDIX E. VULNERABILITY ASSESSMENT ..... 50
