Skinner: Customs needs to plug gaps in IT security

Information technology security gaps created a material weakness in the U.S. Customs and Border Protection financial audit statements for fiscal 2007, according to a report released by Homeland Security Inspector General Richard Skinner.

The 70-page IT management letter was prepared by accounting firm KPMG LLP as part of the fiscal 2007 financial statements for the agency.

KPMG concluded that Customs and Border Protection continues to have problems in monitoring and enforcing IT system access controls, implementing security certifications and accreditations, and keeping better track of contractors with access to IT systems.

The problems have existed for more than a year, the report stated. "Many of the conditions identified at CBP in fiscal 2006 have not been corrected because CBP still faces challenges related to the merging of numerous IT functions, controls, processes, and organizational resource shortages."

During the year, CBP improved its IT security program planning and management. However, the report found continuing gaps in access controls and other areas.

"We noted significant access control vulnerabilities," the report stated. In some cases these involved users being able to access IT systems with group passwords and default passwords. The auditors recommended that the agency comply with departmental standards for password controls.

KPMG also recommended that the agency work toward implementing a more effective system of tracking contractor access to IT systems. The auditors classified this area as high risk.

"Deactivation of all systems access of terminated contractors should occur immediately upon separation from CBP. A listing of terminated contract personnel should be periodically distributed to information system administrators so they remove user access and periodically assess contractor access to CBP systems," the report stated.

In response, CBP officials said they are taking steps to ensure that the proper controls are in place.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.