Despite getting high marks for its compliance with computer security legislation, the Justice Department had major systemic information technology vulnerabilities and did not fully implement policies and procedures meant to increase IT security, according to an audit by the department’s inspector general.
The IG found vulnerabilities that require immediate attention, including inadequate access controls and outdated security patches. The IG determined that Justice lacks effective methodologies for tracking corrective action, applying department-wide fixes and maintaining an inventory of devices connected to the department’s various IT networks, the Dec. 12 report states. Portions of the document were redacted.
Justice received an A-plus for its compliance with the Federal Information Security Management Act (FISMA) in fiscal 2007 on an annual report card released by Rep. Tom Davis (R-Va.), ranking member of the House Oversight and Government Reform Committee. However, the department’s focus on meeting FISMA requirements might have affected its ability to secure its IT environment, according to the IG’s report.