By Ben Bain
Oct 15, 2009
Homeland Security Department agencies don't sustain their information
security programs year-round or perform continuous monitoring to
maintain systems' accreditations and action plans, according to DHS
Inspector General Richard Skinner.
The IG's findings come from an annual independent evaluation of the
department's information security programs required by the Federal
Information Security Management Act (FISMA). The law requires agency IGs
to conduct the evaluations and agencies themselves to also conduct an
annual information security evaluation.
Overall monthly FISMA information security scores for DHS agencies drop
considerably after the annual deadline for FISMA reporting passes, the
IG found. Overall scores for how well DHS agencies perform certification
and accreditation and plans of action and milestones (POA&M) peak in
months when the annual FISMA reporting is done and then quickly drop,
the report said.
Meanwhile, Skinner also said DHS' Privacy Office is experiencing delays
in reviewing and approving privacy impact assessments (PIAs) that the
office is required to perform for many DHS IT systems.