Customs Agency Criticized For Network Security Lapses
The Customs and Border Patrol bureau failed to properly set computer controls that allow only authorized users to view financial data, and to certify networks complied with security standards, according to an audit released earlier this week by the Homeland Security Department's inspector general.
A number of problems the inspector general found in 2008 still were not fixed in fiscal 2009, according to the audit, which analyzed CBP's financial systems and was conducted by the accounting firm KPMG, Nextgov.com reported.
"Although we noted improvement, CBP still faces challenges related to the merging of numerous IT functions, controls, processes and organizational resource shortages," the report stated.
Specifically, administrators didn't regularly review changes to employees' access rights or enforce stringent password requirements. Also, systems were not configured to refuse a user to log on after failing a predetermined number of times, and the bureau didn't disable accounts after 45 days of inactivity, as required by department policy. CBP officials also failed to restrict what employees could access on the network to the least number of files required to perform their duties. To read more, click here.
Join the Discussion
The National Journal Group has the right (but not the obligation) to monitor the comments and to remove any materials it deems inappropriate.
Comments powered by Disqus