Cybersecurity issues remain unresolved at Commerce agencies, say auditors


Information technology problems within Commerce Department agencies are among the department's most pressing unresolved issues, says the Commerce office of inspector general.

In a Dec. 28 letter (.pdf) to the House Oversight and Government Reform Committee, auditors include OIG recommendations related to cybersecurity as one of five groups of unimplemented changes constituting short-term priorities within the department.

A Sept. 7 audit found "significant" deficiencies in National Telecommunications and Information Administration cybersecurity including "major inadequacies in NTIA's process to remediate security weaknesses," the letter notes. NTIA has yet to implement some auditor recommendations, the letter says, including full implementation of a plan of actions and a milestones process to ensure that problems are identified, categorized, tracked and remediated within a certain time period.

A Sept. 27 audit also identified weaknesses at the International Trade Administration that included patch management deficiencies and weak database security. ITA officials have yet to implement auditor-recommended policies that would ensure only authorized software and USB devices are used on the agency network and that would place greater security measures on worldwide ITA traffic flows, the letter says.

As for unfulfilled long-term recommendations, Patent and Trademark Office management of its Patent End-to-End system constitutes one of five groups of issues requiring better management, too, auditors say in the letter.

A Sept. 29, 2011, audit found PTO neglected long-term system planning, including creation of a prioritized release schedule and a high-level service architecture. As of September 2012, work was still underway to develop those planning milestones, auditors say.

Other issues cited by auditors include National Oceanic and Atmospheric Administration management of the environmental satellite programs as a short-term priority and Census Bureau management of the 2020 decennial census as a long-term priority.

For more:
- download the Dec. 28 Commerce OIG letter (.pdf)

Related Articles:
NTIA IT security 'significantly' deficient, says OIG
ITA security categorization and controls deficient, finds OIG
NOAA seeks feedback in mitigating satellite gap
GAO: Census Bureau must take action to improve IT management