The Department of Transportation’s privacy controls are not effective and it should take corrective actions, an audit of the department’s efforts to protect personally identifiable information has concluded.
The audit was conducted by CliftonLarsonAllen, which made several recommendations, including for the CIO to implement and monitor a process for ensuring information system security controls are implemented and operating according to federal requirements and department policy.
The audit also recommended that the CIO ensure that the inventory of systems containing PII as well as DoT websites is monitored and updated at least annually, and it called on the CIO to implement procedures that will trigger a change to the inventory listing when systems are added, deleted, or when changes occur.
Report: http://www.oig.dot.gov/library-item/6557