The Department of Agriculture does not adequately protect
network boundaries, sufficiently control network access,
appropriately limit mainframe access, nor has it fully
implemented a comprehensive program to monitor access
activity, the General Accounting Office has said.
It said the Chief Information Officer for USDA needs to
correct a number of information security weaknesses and
fully implement a comprehensive security management program.
In addition, weaknesses in other information security
controls, including physical security, personnel controls,
system software, application software, and service
continuity, further increase the risk to USDA’s
information systems, said GAO.
It said that as a result, sensitive data–including
information relating to the privacy of U.S. citizens,
payroll and financial transactions, proprietary
information, agricultural production and marketing
estimates are at risk of modification or loss, and
possibly without being detected.
While USDA has initiatives under way, it has not fully
implemented key security measures, said GAO. For
example, it said agency security personnel have lacked
the management involvement needed to effectively
implement security programs, that three agencies have
not completed any of the required risk assessments,
and only half the department’s systems have been tested.
FEDweek
Publisher, Don Mace
VP of Marketing, Kevin Couch
Website: www.fedweek.com
Published weekly by FEDweek LLC
11551 Nuckols Rd. Suite L
Glen Allen, VA 23059
(804) 288-5321
Putting Federal Employees and Retirees First
A 100% Veteran-Owned Business