DHS agencies don't sustain info security programs, IG says

[InfoSec News <alerts () infosecnews org>]

http://fcw.com/articles/2009/10/15/web-dhs-inspector-general-fisma.aspx

By Ben Bain
FCW.com
Oct 15, 2009

Homeland Security Department agencies don.t sustain their information 
security programs year-round or perform continuous monitoring to 
maintain systems. accreditations and action plans, according to DHS 
Inspector General Richard Skinner.

The IG's findings come from an annual independent evaluation of the 
department's information security programs required by the Federal 
Information Security Management Act (FISMA). The law requires agency IGs 
to conduct the evaluations and agencies themselves to also conduct an 
annual information security evaluation.

Overall monthly FISMA information security scores for DHS agencies drop 
considerably after the annual deadline for FISMA reporting passes, the 
IG found. Overall scores for how well DHS agencies perform certification 
and accreditation and plans of action and milestones (POA&M) peak in 
months when the annual FISMA reporting is done and then quickly drop, 
the report said.

Meanwhile, Skinner also said DHS. Privacy Office is experiencing delays 
in reviewing and approving privacy impact assessments (PIAs) that the 
office is required to perform for many DHS IT systems. 

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org