Information Security News mailing list archives
The Pentagon Doesn't Know All the Software on Its Networks -- And That's a Problem
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 21 Dec 2018 11:19:52 +0000 (UTC)
https://www.defenseone.com/technology/2018/12/pentagon-doesnt-know-all-software-its-networksand-s-problem/153669/ By Heather Kuldell Managing Editor Defense One December 20, 2018The Defense Department faces "unnecessary" risk without a complete software inventory, according to the agency's inspector general.
The Defense Department's poor software management practices put its networks at "unnecessary" cyber risk -- and that's on the department's chief information officer, according to the agency inspector general.
The department doesn't have an enterprisewide software application rationalization program -- an inventory of what the department owns and is in use -- as required by the Federal Information Technology Acquisition Reform Act, the Defense inspector general wrote in a report released Tuesday. Such programs help agencies get rid of duplicative or obsolete applications and avoid buying redundant software.
Instead of an enterprisewide solution, the Defense CIO in 2017 revised a Joint Information Environment objective to limit software rationalization to data centers.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- The Pentagon Doesn't Know All the Software on Its Networks -- And That's a Problem InfoSec News (Dec 21)