From: HomelandSecurity.US
Despite the progress the Department of Homeland Security (DHS) made in taking actions to strengthen its information security program, not all components in Fiscal Year 2016 “consistently follow[ed] DHS’s policies and procedures to maintain current or complete information on remediating security weaknesses [in a] timely [manner],” according to a new DHS Inspector General (IG) audit report. “Components operated 79 unclassified systems with expired authorities to operate,” the IG found.
***
Continuing, the IG said, “We also identified deficiencies related to configuration management and continuous monitoring. Without addressing these deficiencies, the department cannot ensure that its systems are adequately secured to protect the sensitive information stored and processed in them.”