Inspector General: 23 OPM Data Systems Lack Authorization

1 min read

cybersecurityThe Office of Personnel Management’s inspector general has evaluated OPM’s compliance with the Federal Information Security Modernization Act and found that up to 23 of its data networks operate without valid system authorizations.

OPM IG said in a Nov 10. audit report that it performed the audit at the agency’s Washington headquarters between April 2015 and September 2015.

The IG said it found the reorganization in the OPM’s office of the chief information officer has helped to improve agency’s information security governance.

The report cited that the CIO office at OPM did not craft configuration baselines for all operating systems despite its efforts to enforce a configuration management policy for information systems.

OPM also set up an enterprise network security operations center that oversees cyber incident detection and response operations, according to the report.

Other security issues found in the audit include gaps in OPM’s inventory of network devices, servers and databases; failure to implement the agency’s lifecycle policy for all system development programs; and lack of an adequate continuous monitoring program.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Government Technology

Leave a Reply

Your email address will not be published.

Become a Registered Reader
Register to enjoy unlimited access to articles, interviews, and invaluable govcon content. You'll also receive our daily briefing straight to your inbox.

This will close in 0 seconds