An Audit Report from USDA’s Office of Inspector General revealed continuing weaknesses in the sprawling department’s compliance with FISMA requirements. The report noted that in 2009 and 2010, the OIG
made 33 recommendations for improving the overall security of USDA’s systems. By the end of FY 2011, the Department had adequately remediated and closed only 6 recommendations, leaving 27 to be addressed. OIG has reported on many of these remaining recommendations since 2001 when we first detailed material weaknesses in the design and effectiveness of USDA’s overall IT security program.
The OIG report recommended that:
We recommended that USDA and its agencies work together to define and accomplish one or two critical objectives before proceeding to the next set of priorities. During FY 2011, we observed increased evidence of coordination, but the Department was not making measurable progress in approaching this problem collaboratively. For example, during FYs 2010 and 2011, the Office of the Chief Information Officer (OCIO) received increased budgetary authority to enhance USDA’s IT security. The Department funded 14 separate projects with none of these projects being fully implemented during FY 2011; instead, funding was cut and nearly all of the projects were significantly scaled back, pushing implementation dates further into the future.
ON the positive side, the report noted that
USDA also finished deploying a suite of network monitoring and detection tools, which should further enhance the security of its networks. The suite is an integrated security solution that provides the foundation for enterprise-wide security monitoring, detection, and protection. Once USDA deploys adequate resources to properly configure and completely monitor these tools, the Department’s security posture should greatly improve.
Leave a Reply