Evaluation of Department of State Information Security Program ...

More documents

Recommendations

Info

UNCLASSIFIED UNCLASSIFIED 12 The Department will verify that all Department of State computers at other Federal agencies are clearly documented. (We found no defects with regard to the process for contractor sites.) Recommendation 18: {Section J} We recommend that the Bureau of Diplomatic Security, in coordination with the Bureau of Administration, establish procedures to identify the total number of contractors who have access to Department of State systems as required by the Office of Management and Budget Memorandum M-11-33, FY 2011Reporting Instructionsfor the Federal Information Security Management Act and Agency Privacy Management. Department Response to Recommendation 18: The Department does not agree with this recommendation because a) knowing the exact total number of contractors (a continuously changing number) does not have an impact upon the security of the Department, and b) it is not required by M-1l-33. Recommendation 19: {Section K} We recommend that the Chief Information Officer, as required by Office of Management and Budget (OM B) Memorandum M-11-33, FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management and OMB Circular No. A-II, Preparation, Submission, and Execution of the Budget: • Ensure that the Bureau of Information Resource Management/ Business Management and Planning track all obligations and expenditures for information technology security investments. • Provide a summary of non-maj or investments that make up the information technologyinfrastructure and other major investments. • Include the Unique Project Identifier in the Department of State's Plans of Action and Milestones database. Department Response to Recommendation 19: The Department agrees with the recommendation, but not the authorities cited and will: • Track and include a summary report for all obligations and expenditures for all IT projects with a) a material level offunding, or b) significant security risk. • Include UP Is in the Department's POA&M for each system. 73 UNCLASSIFIED
FRAUD, WASTE, ABUSE, OR MISMANAGEMENT of Federal programs and resources hurts everyone. Call the Office of Inspector General HOTLINE 202/647-3320 or 1-800-409-9926 to report illegal or wasteful activities. You may also write to Office of Inspector General U.S. Department of State Post Office Box 9778 Arlington, VA 22219 Please visit our Web site at oig.state.gov Cables to the Inspector General should be slugged “OIG Channel” to ensure confidentiality.
Page 1:
Office of Inspector General UNCLASS
Page 5 and 6:
UNCLASSIFIED IT information technol
Page 7 and 8:
UNCLASSIFIED APPENDIX F. SYSTEMS WI
Page 9 and 10:
UNCLASSIFIED patches within require
Page 11 and 12:
UNCLASSIFIED We found that the Cont
Page 13 and 14:
UNCLASSIFIED improvements regarding
Page 15 and 16:
UNCLASSIFIED Diplomatic Security/Se
Page 17 and 18:
UNCLASSIFIED Department’s risk ma
Page 19 and 20:
UNCLASSIFIED performance. For examp
Page 21 and 22:
UNCLASSIFIED � From a sample of 2
Page 23 and 24:
UNCLASSIFIED 800-37 18 states that
Page 25 and 26:
UNCLASSIFIED � Approximately 300
Page 27 and 28:
UNCLASSIFIED � One of 25 OpenNet
Page 29 and 30: UNCLASSIFIED that an organization-d
Page 31 and 32: UNCLASSIFIED indicated that the foc
Page 33 and 34: UNCLASSIFIED Management Response: T
Page 35 and 36: UNCLASSIFIED � Document and maint
Page 37 and 38: UNCLASSIFIED The Department’s con
Page 39 and 40: UNCLASSIFIED For four 46 of 10 appr
Page 41 and 42: UNCLASSIFIED OIG Additional Analyse
Page 43 and 44: UNCLASSIFIED List of Current Year R
Page 45 and 46: UNCLASSIFIED � Develop operating
Page 47 and 48: UNCLASSIFIED required by the Office
Page 49 and 50: UNCLASSIFIED DRAFT We used the foll
Page 51 and 52: UNCLASSIFIED Appendix B. Followup o
Page 53 and 54: UNCLASSIFIED program managers and o
Page 55 and 56: UNCLASSIFIED Appendix D. Systems Wi
Page 57 and 58: UNCLASSIFIED Appendix E. Vulnerabil
Page 59 and 60: UNCLASSIFIED For the 16 systems tes
Page 61 and 62: UNCLASSIFIED SMART-SBU Windows File
Page 63 and 64: (b) (5) UNCLASSIFIED Appendix G. Se
Page 65 and 66: NIST SP 800-37 NIST SP 800-37 Confi
Page 67: UNCLASSIFIED System Telegram Distri
Page 71 and 72: UNCLASSIFIED UNCLASSIFIED 3 justifi
Page 74 and 75: UNCLASSIFIED 6 Department Response
Page 76 and 77: UNCLASSIFIED UNCLASSIFIED 8 The Dep
Page 78 and 79: UNCLASSIFIED UNCLASSIFIED 10 • De
Page 82: UNCLASSIFIED UNCLASSIFIED
show all

Evaluation of Department of State Information Security Program ...

Create successful ePaper yourself

Delete template?

Save as template?