Andy Medici writes the IG found that DHS organizations still use information systems with expired authorizations to operate and do not have a formal process to monitor their IT infrastructures.
The IG also cited a lack of a centralized repository for storing DHS data in the public cloud, Medici reports.
âThey donât keep track of weaknesses when theyâre found, and they donât fix them in time to make a difference,” Sen. Tom Coburn (R-Okla.) said in response to the DHS IG report, according to the article.
Medici writes the IG recommended that DHS bolster its continuous monitoring strategy and ensure that IT systems all have updated ATOs.