DHS slow to test U.S. Visit security, privacy controls: GAO
- By Alice Lipowicz
- Feb 15, 2006
The Homeland Security Department has been so slow in assessing and testing basic system security and privacy controls for the U.S. Visitor and Immigrant Status Indicator Technology (U.S. Visit) that it may be jeopardizing the success of the program, according to a new report
from the Government Accountability Office.
U.S. Visit uses sophisticated technology systems to check fingerprints and photographs from foreign visitors arriving in the United States to verify their identities. The multibillion-dollar program is intended to serve as one of the cornerstones of the nation's immigration and border control policy.
GAO has been reviewing the program's effectiveness since 2002, and has made 18 strategic recommendations for management improvements.
The key recommendation, which the GAO issued about 30 months ago, that has yet to be adopted is to develop and begin implementing a system security plan and a privacy impact assessment.
Overall, DHS has implemented just two of the 18 recommendations, partially completed 11 and is just beginning on five, the GAO said.
"Although considerable time has passed since the recommendations were made, key actions have not yet been taken," the GAO said. The department lags in assessing security risks and planning cost-effective controls to address the risks, weighing the project's value against its cost and risk, and testing the controls, the report said.
The department has been stalled for two years or more on seven of the 11 partially finished goals, and for more than 10 months on seven of the other goals, the GAO said.
"The longer that U.S. Visit takes to implement the recommendations, the greater the risk that the program will not meet its stated goals on time and within budget," the report states.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.