Skinner: Customs needs to plug gaps in IT security

Information technology security gaps created a material weakness in the U.S. Customs and Border Protection financial audit statements for fiscal 2007, according to a report released by Homeland Security Inspector General Richard Skinner.

The 70-page IT management letter was prepared by accounting firm KPMG LLP as part of the fiscal 2007 financial statements for the agency.

KPMG concluded that Customs and Border Protection continues to have problems in monitoring and enforcing IT system access controls, implementing security certifications and accreditations, and keeping better track of contractors with access to IT systems.

The problems have existed for more than a year, the report stated. "Many of the conditions identified at CBP in fiscal 2006 have not been corrected because CBP still faces challenges related to the merging of numerous IT functions, controls, processes, and organizational resource shortages."

During the year, CBP improved its IT security program planning and management. However, the report found continuing gaps in access controls and other areas.

"We noted significant access control vulnerabilities," the report stated. In some cases these involved users being able to access IT systems with group passwords and default passwords. The auditors recommended that the agency comply with departmental standards for password controls.

KPMG also recommended that the agency work toward implementing a more effective system of tracking contractor access to IT systems. The auditors classified this area as high risk.

"Deactivation of all systems access of terminated contractors should occur immediately upon separation from CBP. A listing of terminated contract personnel should be periodically distributed to information system administrators so they remove user access and periodically assess contractor access to CBP systems," the report stated.

In response, CBP officials said they are taking steps to ensure that the proper controls are in place.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.