The Office of Personnel Management’s inspector general has evaluated OPM’s compliance with the Federal Information Security Modernization Act and found that up to 23 of its data networks operate without valid system authorizations.
The OPM IG said in a Nov. 10 audit report that it performed the audit at the agency’s Washington headquarters between April 2015 and September 2015.
The IG said it found that the reorganization in OPM’s office of the chief information officer has helped to improve the agency’s information security governance.
The report noted that the CIO office at OPM did not craft configuration baselines for all operating systems despite its efforts to enforce a configuration management policy for information systems.
OPM also set up an enterprise network security operations center that oversees cyber incident detection and response operations, according to the report.
Other security issues found in the audit include gaps in OPM’s inventory of network devices, servers and databases; failure to implement the agency’s lifecycle policy for all system development programs; and lack of an adequate continuous monitoring program.