The DHS National Protection and Programs Directorate has taken actions to improve the information security posture at federal agencies but could make further improvements to address its additional cybersecurity responsibilities, the DHS inspector general has said.
It said the NPPD Federal Network Resilience division takes an active approach to managing the annual FISMA reporting process and conducts information security assessments at selected federal agencies.
However, the division must develop a strategic implementation plan that defines its long-term goals on improving agencies’ information security programs, the IG said.
Further, it said increased communication and coordination with agencies could improve the FISMA reporting process. It also found that NPPD should address deficiencies in maintaining and tracking training records for its contractor personnel and should implement the required DHS baseline configuration settings on its FISMA reporting application, CyberScope.
NPPD agreed with recommendations to coordinate with OMB to develop a strategic implementation plan identifying long-term goals and milestones for agency FISMA compliance.
It also agreed to update and finalize internal operating procedures and guidance documents to ensure that cyber responsibilities and procedures are clearly defined, implement a process to analyze and provide detailed feedback to agencies concerning monthly vulnerability data feeds, and establish a process to ensure that all CyberScope contractor system administrators have received adequate security training in line with applicable DHS, OMB, and NIST guidance.