Inspector General Reviews Interior Dept’s Continuous Diagnostics & Mitigation Program for 3 Bureaus’ IT Systems

cybersecurityThe Interior Department’s office of inspector general has found lapses in DOI’s Continuous Diagnostics and Mitigation program when it comes to safeguarding high-value information technology systems from cyber vulnerabilities.

OIG said in a report published Wednesday its findings are based on the assessment of CDM practices that DOI implements for IT assets operated by the department’s U.S. Geological Survey, Bureau of Reclamation and Bureau of Safety and Environmental Enforcement.

The CDM initiative calls for agencies to implement 15 continuous diagnostic control measures in three phases, according to the report.

Under the program’s Phase 1, agencies should use automated software platforms to facilitate the development and maintenance of computer software and hardware inventories as well as implement enterprise configuration and vulnerability management measures, the IG said.

The report said that DOI failed to mitigate critical network vulnerabilities on the bureaus’ IT assets as well as detect and eliminate potential malware from the IT systems.

The IG also noted that DOI’s office of chief information officer did not require the bureaus to deploy the department’s inventory management software on all computers, monitor computer configurations, create lists of approved software to safeguard systems from malware and comply with best practices for vulnerability mitigation and detection.

The inspector general offered six recommendations in response to the findings and in an effort to help DOI protect its IT infrastructure from potential exploitation.

Check Also

FireEye

FireEye to Provide Cybersecurity Defenses to Texas DIR; Pat Sheridan Quoted

FireEye, Inc. has announced that it will offer cyber security defenses to Texas public sector agencies, under Texas Department of Information Resources (DIR), the company reported on Thursday. Through the end of 2020, FireEye security products and Mandiant Solutions services will be available to all Texas agencies, county governments, cities and school districts through DIR’s Bulk Purchase Initiative for Endpoint Detection and Response (EDR) solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *