News organizations are publicizing a recent Department of Homeland Security Inspector General report on the Federal Emergency Management Agency (FEMA). The recently released (and highly redacted) report (pdf) found (1) 13 new weaknesses in the agency’s information technology systems, (2) that FEMA failed to correct 31 security issues discovered in the IG’s Fiscal 2007 review, and (3), FEMA successfully dealt with 10 weaknesses the IG found last year. 

The Inspector General said that the 44 weaknesses in FEMA’s information technology system  “collectively limit FEMA’s ability to ensure that critical financial and operational data is maintained in a manner to ensure confidentiality, integrity and availability.” The Inspector General’s auditors found problems in “key financial systems and effective access controls, service continuity, change controls, system software,” and agency-wide security program planning and management.

There is “weak password management,” according to the report. For example, almost 800 former agency and contractor employees have active accounts and access privileges. Read the complete redacted report (pdf).

This entry was posted on Thursday, September 4th, 2008 and is filed under Security, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.