The Department of Homeland Security (DHS) has taken huge strides toward better protecting its networks, according to a report from the agency’s Inspector General (IG).
First, the agency has “completed a comprehensive inventory of its major applications and general support systems, including contractor and national security systems.”
Second, it has implemented a certification and accreditation (C&A) tool that will allow it to complete C&A for all the agency’s systems.
Despite the improvements, the agency still has a lot of work ahead of it. The IG report noted that “DHS has not improved its incident detection, handling, reporting, and analysis procedures during the last year,” nor does it have a vulnerability assessment program that ensures annual review of agency networks. DHS has set up an IT Security Training Working Group, but it has not yet implemented a Web-based IT security training program that was originally scheduled to be rolled out in 2004. And, the IG notes, existing security awareness training does not explain the department’s policy on peer-to-peer file sharing.
Evaluation of DHS’s Information Security Program for Fiscal Year 2005 is available at SM Online.