By Frank Tiboni
Jan. 11, 2006
The Defense Department poorly tracks information technology security
and investments, causing the department, the Office of Management and
Budget and Congress to make uninformed IT budget and policy decisions,
according to DOD inspector general reports.
The military services and DOD agencies are not consistently reporting
IT systems security data in two main databases. They include the IT
Registry, which inventories DOD systems and provides their security
status, and the IT Management Application, which contains DOD IT
budget information, according to the report "Security Status for Systems
Reported in DOD IT Databases." The IG released the report last month.
"Specifically, 120 of 148 IT systems (81 percent) reported in the
fiscal year 2006 President's Budget Capital Investment Reports did not
match to reports on the same systems in the IT Registry, and 87 of 148
IT Registry reports (59 percent) were not internally consistent
between the system mission criticality and the mission assurance
category data elements," the report states. The IG said the military
services and department agencies also did not submit timely, accurate
and complete IT certification and compliance statements to DOD's chief
The IG recommended several steps to fix the problem, including using
automatic data integrity tools in the databases and penalizing
department CIOs who did not implement controls. The IG asked the DOD
CIO to respond to the report by Jan. 27.
This is the second report in seven months that is critical of the
information in DOD databases. The IG criticized the military services
and department agencies in June 2005 for not adequately reporting IT
investments to OMB in support of the fiscal 2006 DOD budget.