The Office of Personnel Managementâs inspector general has evaluated OPMâs compliance with the Federal Information Security Modernization Act and found that up to 23 of its data networks operate without valid system authorizations.
OPM IG said in a Nov 10. audit report that it performed the audit at the agencyâs Washington headquarters between April 2015 and September 2015.
The IG said it found the reorganization in the OPM’s office of the chief information officer hasÂ helped to improveÂ agencyâs information security governance.
The report cited that the CIO office at OPMÂ did notÂ craft configuration baselines for all operating systems despite its efforts to enforce a configuration management policy for information systems.
OPMÂ also set up an enterprise network security operations center that oversees cyber incident detection and response operations, according to the report.
Other security issues foundÂ in theÂ audit includeÂ gaps in OPMâs inventory of network devices, servers and databases; failure to implement the agency’sÂ lifecycle policy for all system development programs; and lack of an adequate continuous monitoring program.