Tech

Watchdog: State Department IT security has glaring problems

An independent audit done by D.C. auditing firm Williams, Adley & Company found two glaring deficiencies with the State Department, the details of which were heavily redacted in report’s public release.

By Greg Otto

November 20, 2015

An audit of the State Department’s information security program shows it’s not in line with federal requirements and the chief information officer is not equipped to make sure the program is effective, according to a new inspector general report.

Of the details that were made publicly available, the audit found the CIO is not “properly positioned within the organization” to ensure the department’s security programs are effective.

Additionally, the auditors found that the information security programs were not in compliance with Federal Information Security Management Act, Office of Management and Budget, and National Institute of Standards and Technology requirements, despite efforts taken to improve the plan.

The report also takes issue with medium- and high-risk vulnerabilities that went unreported, access management issues, and email accounts. However the details of what auditors found have been completely stripped from the report.

A spokesperson for the State’s IG office told FedScoop the redactions were due to information included in the report that the department’s general counsel deemed to be exempt from Freedom of Information Act requests and therefore didn’t need to be included.

The State Department was the entryway for a breach of the White House’s sensitive but unclassified computer systems earlier this year, according to U.S. officials. That breach has since been attributed to Russian hackers.

Read the full inspector general report here.

Watchdog: State Department IT security has glaring problems

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

Senate bill calls on NIST to boost work on emerging tech standards

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

More Scoops

State Department trims several uses from public AI inventory

State Department is launching an internal chatbot

NTIA calls for independent audits of AI systems in new accountability report

Peaceful protests, lawful assembly can’t be sole reason for DOJ facial recognition use under interim policy

NTIA’s spectrum IT modernization plans have several gaps, GAO reports

Tech issues are part of the problem — and solution — for FOIA backlog, GAO finds

NASA investigating 2023 theft of astronaut training devices

Latest Podcasts

Watchdog: State Department IT security has glaring problems

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

ManTech leaders discuss innovation and security with Google technologies

Tech

Defense

Cyber

Acquisition