The Department of Homeland Security's inspector general evaluated DHS' information security program for fiscal 2017 in compliance with the Federal Information Security Modernization Act of 2014 and found that 64 of its national security and unclassified systems lacked authority to operate.
DHS IG said in a report published Wednesday the department failed to implement all configuration settings needed to safeguard component systems, track software licenses for unclassified platforms and test contingency plans for systems.
The inspector general called on the department's chief information security officer to work with DHS' undersecretary for management to implement strategies in order to ensure that components carry out measures to address continuous monitoring, weakness remediation and security authorization issues.
DHS should update its continuous monitoring strategy for data systems to include an updated inventory of software licenses and assets, stop the use of unsupported operating systems as well as execute controls and quality assessments to ensure the accuracy of data encoded into the agency's enterprise management platforms.
The department achieved Level 4 when it comes to the management of identified cyber risks and measures implemented by DHS' security operations center to address cyber incidents.
Level 4 in the FISMA reporting instructions for fiscal 2017 is defined as "managed and measurable" and seeks to reflect that an agency's information security program has an "effective" cyber function.