Inspector General: 23 OPM Data Systems Lack Authorization

cybersecurityThe Office of Personnel Management’s inspector general has evaluated OPM’s compliance with the Federal Information Security Modernization Act and found that up to 23 of its data networks operate without valid system authorizations.

OPM IG said in a Nov 10. audit report that it performed the audit at the agency’s Washington headquarters between April 2015 and September 2015.

The IG said it found the reorganization in the OPM’s office of the chief information officer has helped to improve agency’s information security governance.

The report cited that the CIO office at OPM did not craft configuration baselines for all operating systems despite its efforts to enforce a configuration management policy for information systems.

OPM also set up an enterprise network security operations center that oversees cyber incident detection and response operations, according to the report.

Other security issues found in the audit include gaps in OPM’s inventory of network devices, servers and databases; failure to implement the agency’s lifecycle policy for all system development programs; and lack of an adequate continuous monitoring program.

Check Also

Ryan McCarthy

Ryan McCarthy: Army Seeks ‘Transformational Change’ With Project Convergence Network Experiment

Ryan McCarthy, secretary of the U.S. Army and a 2020 Wash100 Award recipient, said he hopes the results of the service branch’s recent “Project Convergence” experiment will inform future network modernization efforts.

Leave a Reply

Your email address will not be published. Required fields are marked *