Information Security News mailing list archives

GAO urges response on FAA security


From: William Knowles <wk () C4I ORG>
Date: Thu, 7 Dec 2000 14:56:55 -0600

http://www.fcw.com/fcw/articles/2000/1204/web-faa-12-07-00.asp

BY Paula Shaki Trimble
12/07/2000

The General Accounting Office followed up Wednesday on its recent
criticisms of the Federal Aviation Administration's computer security
with a report detailing recommendations and soliciting a response from
the FAA on actions it has taken.

The report to Transportation Secretary Rodney Slater, "FAA Computer
Security: Recommendations to Address Continuing Weaknesses," makes
recommendations based on suggestions that GAO offered in testimony
Sept. 27 before the House Science Committee.

At that time, GAO said it found that the FAA's computer security
program had "serious, pervasive problems," particularly a failure to
conduct background checks on contractor personnel working on Year 2000
rollover problems and who were hired to conduct vulnerability testing
at the FAA.

The Dec. 6 report insists that those critical weaknesses need to be
addressed, and it reminded Slater that the head of a federal agency is
required to submit a written statement on actions taken on GAO's
recommendations within 60 days. The agency also is required to submit
a written statement to its House and Senate appropriators with its
first request for appropriations following the report.

The report directs Slater and FAA Administrator Jane Garvey to
complete actions including:

* Tracking when re-investigations of federal employees are due and
  ensuring that they occur.

* Expediting the required background searches of contract employees.

* Performing vulnerability assessments of the critical systems that
  were worked on by foreign nationals in order to assess those systems'
  vulnerability to unauthorized access.

* Quickly completing assessments of air traffic control systems,
  addressing any weaknesses identified during those assessments and
  accrediting the systems.

* Completing efforts to implement and enforce a comprehensive
  management/software change control policy.

* Completing information systems security directives and implementing
  new information systems security training courses.

* Assessing the effects of security breaches on all systems and
  developing contingency plans for such breaches.

* Increasing efforts to establish a fully operational Computer
  Security and Intrusion Response Capability that allows for prompt
  detection, analysis and reporting of all computer systems security
  incidents.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com