GSA's IG Identifies 4 IT Security Weaknesses

IG: Need to Strengthen Authentication, Configuration, Encryption
The General Services Administration needs to strengthen its IT security program in four key areas: secure configuration of agency systems, oversight of audit logging and monitoring practices, implementation of multifactor authentication for systems processing sensitive information and encryption of data on agency laptop computers, the GSA inspector general says in its latest IT security audit.

In the fiscal year 2010 audit required by the Federal Information Security Management Act, the IG recommends that GSA Chief Information Officer Casey Coleman:

  • Strengthen configuration management practices for GSA systems by increasing oversight of security officials' application of baseline configuration requirements and expanding technical testing processes to include authenticated scanning.
  • Work with system security officials to prioritize the implementation of audit logging and monitoring controls for GSA systems.
  • Ensure that all systems that are remotely accessed implement multi-factor authentication, as appropriate.
  • Implement an encryption solution for agency laptops that integrates into GSA's network environment.

The CIO concurs with the IG's findings.

Not all of the IG's comments are critical; the audit credits the GSA for taking steps to develop, document and implement an agency-wide IT security program. For example, the IG says, the CIO has updated GSA's IT security policy, published procedural guidance on a variety of information security topics and expanded the IT security program to cover cloud computing technologies.
