Editor’s Note: The GAO report Information Technology — FAA Needs to Address Weaknesses in Air Traffic Control Systems (GAO-15-221) is available here. Below are excerpts from the report.
From: GAO
Security Weaknesses Place Air Traffic Control Systems at Risk
Identified Security Weaknesses Were Not Always Addressed in a Timely Fashion
FAA Did Not Consistently Control Access to NAS [National Airspace System] Systems
FAA Did Not Always Ensure Users Were Properly Authorized to Access NAS Systems
FAA Did Not Consistently Implement Sufficient Audit and Monitoring Controls
Users with Significant Security Responsibilities Had Not Always Received Required Security Training
Security Controls Were Not Always Tested Sufficiently
NAS Incident Detection and Response Activities Were Limited
Inadequate Agency-Wide Information Security Risk Management Processes Contribute to Weaknesses in Security Controls and Security Management
Leave a Reply