GAO Finds IT Security Weaknesses at Education Dept.

Key operations in the Department of EducationÕs central automated processing system are at risk of disruption and unauthorized access, according to a report released Sept. 12 by the General Accounting Office.

A primary reason for Education DepartmentÕs computer security weaknesses was it had not yet fully implemented a comprehensive computer security management program, according to the report.

The GAO made the report, ÒEducation Information Security: Improvements Made But Control Weaknesses Remain,Ó at the request of the House Education and the Workforce subcommittee on select education.

The GAO assessed the effectiveness of security controls in the Department of Education system that support general ledger and funds management, grant planning and payment processing, and purchasing and contract management.

The study followed up on work by the departmentÕs inspector general, who earlier had found serious control weaknesses in this system. The report said the department has made progress in correcting security weaknesses the inspector general identified, but also found the system still lacked adequate safeguards for:

*Protecting networks from unauthorized users;

*Managing user IDs and passwords;

*Limiting access to all authorized users;

*Maintaining system software controls;

*Monitoring user access activity routinely;

*Physically protecting computer resources.

The GAO recommended that the Department of EducationÕs chief information officer and the chief financial officer correct the weaknesses and implement a comprehensive departmentwide computer security.

During fiscal 2000, the central automated processing system reportedly moved about $45.5 billion for various grant and loan programs, according to the report. It serves about 1,200 internal users and about 17,600 external users.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB