DHS Cyber-Security Audit Scores Below Target Security Levels

A DHS cyber-security audit for FISMA compliance, conducted by the Office of Inspector General, rated the agency below the target levels in three out of five areas of information security.

The Office of Inspector General assessed the information security practices in use at the Department of Homeland Security and found that the agency fell short of the expected targets in three out of five areas. Three of these were given a level two while the remaining two got a level four.

The audit was performed under the guidelines of the Federal Information Security Modernization Act of 2014 (FISMA) to determine whether the practices and programs of the DHS information security program are adequate to keep information and information systems secure, and whether those systems can be fully relied upon.

Unfortunately, while DHS FISMA scores were expected to be around Level Four, the DHS cyber-security audit found that the agency meets only two out of the five targets for cyber-security functions.
Of the five functions (Identify, Detect, Protect, Recover and Respond), DHS scored at Level Four in Identify and Respond but at Level Three in Protect, Detect, and Recover.
The OIG report noted that DHS met FISMA compliance for 98% to 99% of systems in DHS headquarters, Coast Guard, and FEMA.

The OIG report concluded that, given the FISMA results in the DHS cyber-security audit, additional oversight and understanding are required for the department to put in the effort needed to ensure that its constituents comply fully with Federal and DHS information security policy.

This is how the results can be improved to reach Level Four.

Source: Searchsecurity
